Vulnerability Details : CVE-2008-2292
Buffer overflow in the __snprint_value function in snmp_get in Net-SNMP 5.1.4, 5.2.4, and 5.4.1, as used in SNMP.xs for Perl, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large OCTETSTRING in an attribute value pair (AVP).
Vulnerability category: Overflow, Execute code, Denial of service
Products affected by CVE-2008-2292
- cpe:2.3:a:net-snmp:net-snmp:5.1.4:*:*:*:*:*:*:*
- cpe:2.3:a:net-snmp:net-snmp:5.2.4:*:*:*:*:*:*:*
- cpe:2.3:a:net-snmp:net-snmp:5.4.1:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2008-2292
- EPSS score: 22.61% (probability of exploitation activity in the next 30 days)
- Percentile: ~95% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2008-2292
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P | 8.6 | 6.4 | NIST | |
CWE ids for CVE-2008-2292
- The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data. Assigned by: nvd@nist.gov (Primary)
References for CVE-2008-2292
- http://secunia.com/advisories/30647
- http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00000.html
- http://www.vupen.com/english/advisories/2008/1528/references
- http://www.vmware.com/security/advisories/VMSA-2008-0013.html
- http://secunia.com/advisories/33003
- http://www.securityfocus.com/bid/29212
- http://secunia.com/advisories/30615
- http://www.vupen.com/english/advisories/2008/2361
- https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00459.html
  [SECURITY] Fedora 8 Update: net-snmp-5.4.1-7.fc8
- http://secunia.com/advisories/31334
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11261
- http://www.redhat.com/support/errata/RHSA-2008-0529.html
- http://secunia.com/advisories/30187
  Vendor Advisory
- http://security.gentoo.org/glsa/glsa-200808-02.xml
  Net-SNMP: Multiple vulnerabilities (GLSA 200808-02) — Gentoo security
- https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00363.html
  [SECURITY] Fedora 9 Update: net-snmp-5.4.1-18.fc9
- http://secunia.com/advisories/31155
- http://www.ubuntu.com/usn/usn-685-1
  USN-685-1: Net-SNMP vulnerabilities | Ubuntu security notices | Ubuntu
- http://sourceforge.net/tracker/index.php?func=detail&aid=1826174&group_id=12694&atid=112694
  net-snmp / Bugs / #1894 snmp_get limits ASN1 OCTETSTRING length [CVE-2008-2292]
- http://secunia.com/advisories/31568
- https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00380.html
  [SECURITY] Fedora 7 Update: net-snmp-5.4-18.fc7
- http://www.mandriva.com/security/advisories?name=MDVSA-2008:118
- http://www.debian.org/security/2008/dsa-1663
- http://secunia.com/advisories/31351
- http://secunia.com/advisories/31467
- http://www.securitytracker.com/id?1020527
- http://secunia.com/advisories/32664
- https://exchange.xforce.ibmcloud.com/vulnerabilities/42430
  Net-SNMP module for Perl __snprint_value function buffer overflow CVE-2008-2292 Vulnerability Report
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-239785-1
- http://support.avaya.com/elmodocs2/security/ASA-2008-282.htm
  ASA-2008-282 (RHSA-2008-0529)
- http://www.vupen.com/english/advisories/2008/2141/references