CVE-2019-20892 : net-snmp before 5.8.1.pre1 has a double free in usm_free

net-snmp before 5.8.1.pre1 has a double free in usm_free_usmStateReference in snmplib/snmpusm.c via an SNMPv3 GetBulk request. NOTE: this affects net-snmp packages shipped to end users by multiple Linux distributions, but might not affect an upstream release.

Published 2020-06-25 10:15:11

Updated 2022-09-02 15:31:25

Source MITRE

View at NVD, CVE.org

Vulnerability category: Memory Corruption

Products affected by CVE-2019-20892

Oracle » Zfs Storage Appliance Kit » Version: 8.8
cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8:*:*:*:*:*:*:*
Matching versions
Net-snmp » Net-snmp
Versions up to, including, (<=) 5.8
cpe:2.3:a:net-snmp:net-snmp:*:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2019-20892

EPSS FAQ

0.30%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 51 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2019-20892

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
4.0	MEDIUM	AV:N/AC:L/Au:S/C:N/I:N/A:P	8.0	2.9	NIST
Access Vector: Network Access Complexity: Low Authentication: Single Confidentiality Impact: None Integrity Impact: None Availability Impact: Partial
6.5	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H	2.8	3.6	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: None Integrity: None Availability: High

CWE ids for CVE-2019-20892

CWE-415 Double Free

The product calls free() twice on the same memory address.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2019-20892

https://bugs.launchpad.net/ubuntu/+source/net-snmp/+bug/1877027

Bug #1877027 " SNMP stopped running all of sudden (snmpd 5.8+dfs... : Bugs : net-snmp package : Ubuntu
Exploit;Issue Tracking;Third Party Advisory
https://security.gentoo.org/glsa/202008-12

Net-SNMP: Multiple vulnerabilities (GLSA 202008-12) — Gentoo security
Third Party Advisory

CVEs referencing this url
https://sourceforge.net/p/net-snmp/bugs/2923/

net-snmp / Bugs / #2923 5.8.0: linux seeing snmpd snmpusb.c:usm_rgenerate_out_msg() core dump with double free error
Exploit;Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1663027

1663027 – net-snmpd double free or corruption error
Exploit;Issue Tracking;Third Party Advisory
https://www.oracle.com/security-alerts/cpujan2021.html

Oracle Critical Patch Update Advisory - January 2021
Patch;Third Party Advisory

CVEs referencing this url
https://usn.ubuntu.com/4410-1/

USN-4410-1: Net-SNMP vulnerability | Ubuntu security notices | Ubuntu
Third Party Advisory
https://github.com/net-snmp/net-snmp/commit/5f881d3bf24599b90d67a45cae7a3eb099cd71c9

libsnmp, USM: Introduce a reference count in struct usmStateReference · net-snmp/net-snmp@5f881d3 · GitHub
Patch;Third Party Advisory
http://www.openwall.com/lists/oss-security/2020/06/25/4

oss-security - [cve-request@...re.org: Re: [scr916814] net-snmp - Perhaps only unreleased development versions; fix appears to be in v5.8.1.pre1]
Exploit;Mailing List;Third Party Advisory

Jump to

Vulnerability Details : CVE-2019-20892

Products affected by CVE-2019-20892

Exploit prediction scoring system (EPSS) score for CVE-2019-20892

CVSS scores for CVE-2019-20892

CWE ids for CVE-2019-20892

References for CVE-2019-20892