Net-snmp : Security Vulnerabilities, CVEs, CVSS score >= 6
handle_ipv6IpForwarding in agent/mibgroup/ip-mib/ip_scalars.c in Net-SNMP 5.4.3 through 5.9.3 has a NULL Pointer Exception bug that can be used by a remote attacker to cause the instance to crash via a crafted UDP packet, resulting in Denial of Service.
Max CVSS
6.5
EPSS Score
0.49%
Published
2022-11-07
Updated
2023-03-28
handle_ipDefaultTTL in agent/mibgroup/ip-mib/ip_scalars.c in Net-SNMP 5.8 through 5.9.3 has a NULL Pointer Exception bug that can be used by a remote attacker (who has write access) to cause the instance to crash via a crafted UDP packet, resulting in Denial of Service.
Max CVSS
6.5
EPSS Score
0.49%
Published
2022-11-07
Updated
2023-03-28
Net-SNMP through 5.8 has Improper Privilege Management because SNMP WRITE access to the EXTEND MIB provides the ability to run arbitrary commands as root.
Max CVSS
7.8
EPSS Score
0.05%
Published
2020-08-20
Updated
2023-11-22
Net-SNMP through 5.7.3 allows Escalation of Privileges because of UNIX symbolic link (symlink) following.
Max CVSS
7.8
EPSS Score
0.05%
Published
2020-08-20
Updated
2022-12-03
net-snmp before 5.8.1.pre1 has a double free in usm_free_usmStateReference in snmplib/snmpusm.c via an SNMPv3 GetBulk request. NOTE: this affects net-snmp packages shipped to end users by multiple Linux distributions, but might not affect an upstream release.
Max CVSS
6.5
EPSS Score
0.43%
Published
2020-06-25
Updated
2022-09-02
NET-SNMP version 5.7.2 contains a heap corruption vulnerability in the UDP protocol handler that can result in command execution.
Max CVSS
9.8
EPSS Score
82.26%
Published
2018-03-07
Updated
2020-08-24
snmp_oid_compare in snmplib/snmp_api.c in Net-SNMP before 5.8 has a NULL Pointer Exception bug that can be used by an unauthenticated attacker to remotely cause the instance to crash via a crafted UDP packet, resulting in Denial of Service.
Max CVSS
7.5
EPSS Score
0.39%
Published
2018-10-08
Updated
2019-10-16
_set_key in agent/helpers/table_container.c in Net-SNMP before 5.8 has a NULL Pointer Exception bug that can be used by an authenticated attacker to remotely cause the instance to crash via a crafted UDP packet, resulting in Denial of Service.
Max CVSS
6.5
EPSS Score
0.41%
Published
2018-10-08
Updated
2019-10-16
The snmp_pdu_parse function in snmp_api.c in net-snmp 5.7.2 and earlier does not remove the varBind variable in a netsnmp_variable_list item when parsing of the SNMP PDU fails, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted packet.
Max CVSS
7.5
EPSS Score
7.03%
Published
2015-08-19
Updated
2018-10-10
Buffer overflow in the __snprint_value function in snmp_get in Net-SNMP 5.1.4, 5.2.4, and 5.4.1, as used in SNMP.xs for Perl, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large OCTETSTRING in an attribute value pair (AVP).
Max CVSS
6.8
EPSS Score
23.82%
Published
2008-05-18
Updated
2017-09-29
The SNMP agent (snmp_agent.c) in net-snmp before 5.4.1 allows remote attackers to cause a denial of service (CPU and memory consumption) via a GETBULK request with a large max-repeaters value.
Max CVSS
7.8
EPSS Score
85.07%
Published
2007-11-06
Updated
2018-10-15
Unspecified vulnerability in Net-SNMP 5.3 before 5.3.0.1, when configured using the rocommunity or rouser snmpd.conf tokens, causes Net-SNMP to grant write access to users or communities that only have read-only access.
Max CVSS
7.5
EPSS Score
0.56%
Published
2006-12-06
Updated
2017-07-29
snmp_api.c in snmpd in Net-SNMP 5.2.x before 5.2.2, 5.1.x before 5.1.3, and 5.0.x before 5.0.10.2, when running in master agentx mode, allows remote attackers to cause a denial of service (crash) by causing a particular TCP disconnect, which triggers a free of an incorrect variable, a different vulnerability than CVE-2005-2177.
Max CVSS
10.0
EPSS Score
9.41%
Published
2005-12-31
Updated
2017-10-11
fixproc in Net-snmp 5.x before 5.2.1-r1 creates temporary files insecurely, which allows local users to modify the contents of those files to execute arbitrary commands, or overwrite arbitrary files via a symlink attack.
Max CVSS
10.0
EPSS Score
0.05%
Published
2005-05-24
Updated
2017-10-11
Net-SNMP before 5.0.9 allows a user or community to access data in MIB objects, even if that data is not allowed to be viewed.
Max CVSS
6.4
EPSS Score
0.35%
Published
2003-12-01
Updated
2017-10-11
15 vulnerabilities found