CVE-2022-24808
- Source
- https://cve.org/CVERecord?id=CVE-2022-24808
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-24808.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2022-24808
- Downstream
- Related
- Published
- 2024-04-16T19:52:31.783Z
- Modified
- 2026-04-13T11:28:31.953593Z
- Severity
-
- 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N CVSS Calculator
- Summary
- net-snmp: A malformed OID in a SET request to NET-SNMP-AGENT-MIB::nsLogTable can cause a NULL pointer dereference
- Details
-
net-snmp provides various tools relating to the Simple Network Management Protocol. Prior to version 5.9.2, a user with read-write credentials can use a malformed OID in a
SETrequest toNET-SNMP-AGENT-MIB::nsLogTableto cause a NULL pointer dereference. Version 5.9.2 contains a patch. Users should use strong SNMPv3 credentials and avoid sharing the credentials. Those who must use SNMPv1 or SNMPv2c should use a complex community string and enhance the protection by restricting access to a given IP address range. - Database specific
{ "cwe_ids": [ "CWE-476" ], "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/24xxx/CVE-2022-24808.json", "cna_assigner": "GitHub_M" }- References
-
- https://lists.debian.org/debian-lts-announce/2022/08/msg00020.html
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FX75KKGMO5XMV6JMQZF6KOG3JPFNQBY7/
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/24xxx/CVE-2022-24808.json
- https://nvd.nist.gov/vuln/detail/CVE-2022-24808
- https://security.gentoo.org/glsa/202210-29
- https://www.debian.org/security/2022/dsa-5209
- https://bugzilla.redhat.com/show_bug.cgi?id=2103225
- https://bugzilla.redhat.com/show_bug.cgi?id=2105240
- https://github.com/net-snmp/net-snmp/commit/67ebb43e9038b2dae6e74ae8838b36fcc10fc937
- https://github.com/net-snmp/net-snmp/commit/ce66eb97c17aa9a48bc079be7b65895266fa6775
- https://github.com/net-snmp/net-snmp
Affected packages
Git / github.com/net-snmp/net-snmp
Affected ranges
- Type
- GIT
- Repo
- https://github.com/net-snmp/net-snmp
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixedFixedFixed
- Database specific
{ "source": [ "CPE_FIELD", "REFERENCES" ], "extracted_events": [ { "introduced": "0" }, { "fixed": "5.9.2" } ], "cpe": "cpe:2.3:a:net-snmp:net-snmp:*:*:*:*:*:*:*:*" }
Affected versions
v3.*
v3.0
v3.0.1
v3.0.2
v3.0.2.1
v3.0.3
v3.0.4
v3.0.5
v3.0.6
v3.0.7
v3.0.7.1
v3.0.7.2
v3.1
v3.1.0.1
v3.1.1
v3.1.2
v3.1.2.1
v3.1.3
v3.2
v3.3
v3.4
v3.5
v3.6
v3.6.1
v4.*
v4.0
v4.0.1
v4.1
v4.1.1
v4.2
v5.*
v5.0
v5.0.1
v5.0.11.1
v5.0.2
v5.0.3
v5.0.4
v5.0.5
v5.0.6
v5.0.7
v5.1
v5.1.4.1
v5.2
v5.3
v5.4
v5.5
v5.5.pre1
v5.5.pre2
v5.5.pre3
v5.5.rc1
v5.5.rc2
v5.5.rc3
v5.6
v5.6.pre1
v5.6.pre2
v5.6.pre3
v5.6.rc1
v5.6.rc2
v5.6.rc3
v5.7
v5.7.pre1
v5.7.pre2
v5.7.rc1
v5.7.rc2
v5.7.rc3
v5.8
v5.8.1.pre1
v5.8.1.pre2
v5.8.1.rc1
v5.8.pre1
v5.8.pre2
v5.8.pre3
v5.8.rc1
v5.8.rc2
v5.8.rc3
v5.8.rc4
v5.9
v5.9.1
v5.9.1.pre1
v5.9.1.rc1
v5.9.2.pre1
v5.9.2.rc1
v5.9.2.rc2
v5.9.rc2
v5.9.verfix
Database specific
vanir_signatures
[
{
"target": {
"file": "agent/mibgroup/mibII/vacm_vars.c"
},
"source": "https://github.com/net-snmp/net-snmp/commit/67ebb43e9038b2dae6e74ae8838b36fcc10fc937",
"deprecated": false,
"digest": {
"threshold": 0.9,
"line_hashes": [
"93481678995860343014821550952925501709",
"329883609409088984877513160836570993697",
"90996168828839817641143191009250748746",
"84715928341168886370472531770984568572"
]
},
"signature_type": "Line",
"signature_version": "v1",
"id": "CVE-2022-24808-38d73094"
},
{
"target": {
"function": "nsVacmAccessTable_handler",
"file": "agent/mibgroup/agent/nsVacmAccessTable.c"
},
"source": "https://github.com/net-snmp/net-snmp/commit/67ebb43e9038b2dae6e74ae8838b36fcc10fc937",
"deprecated": false,
"digest": {
"length": 4486.0,
"function_hash": "42328859980840848703049083694783789413"
},
"signature_type": "Function",
"signature_version": "v1",
"id": "CVE-2022-24808-6693254c"
},
{
"target": {
"file": "agent/mibgroup/agent/nsVacmAccessTable.c"
},
"source": "https://github.com/net-snmp/net-snmp/commit/67ebb43e9038b2dae6e74ae8838b36fcc10fc937",
"deprecated": false,
"digest": {
"threshold": 0.9,
"line_hashes": [
"101705815906469133529599957598608078925",
"118536710121215357800279261873153586760",
"76046262169075458752936054848008587493",
"208453342658565314658233108540818746089",
"123641821933806846028751834794904150686",
"101705815906469133529599957598608078925",
"266017915174389378972949351611408207840",
"174172268129687264723675784256469245016",
"193473216283755631885302533396112057238",
"135622840203460710109084437991526085403",
"104909031685728238587798713337917481078",
"52294072460638860849608500565980364202",
"123641821933806846028751834794904150686",
"330272572276198096952265186781298889541",
"114147104779263570726863758453786574611",
"270090253713972384606015251073484123519",
"199388456969406388637798506744447315283",
"5223774676679683017950071917146984374",
"99862687578825556437428992220799198473",
"37229377190004587475133905276553638305",
"85360771265516875339456466166751522892",
"123641821933806846028751834794904150686"
]
},
"signature_type": "Line",
"signature_version": "v1",
"id": "CVE-2022-24808-83606bb4"
},
{
"target": {
"function": "write_usmUserStatus",
"file": "agent/mibgroup/snmpv3/usmUser.c"
},
"source": "https://github.com/net-snmp/net-snmp/commit/67ebb43e9038b2dae6e74ae8838b36fcc10fc937",
"deprecated": false,
"digest": {
"length": 3340.0,
"function_hash": "199964159541358252145240204005079024052"
},
"signature_type": "Function",
"signature_version": "v1",
"id": "CVE-2022-24808-98a0895f"
},
{
"target": {
"file": "agent/mibgroup/agent/nsLogging.c"
},
"source": "https://github.com/net-snmp/net-snmp/commit/67ebb43e9038b2dae6e74ae8838b36fcc10fc937",
"deprecated": false,
"digest": {
"threshold": 0.9,
"line_hashes": [
"289161301384971360487741187332433544387",
"117147511563233464147479629295932571801",
"164548836578273264233821198389692432198",
"321389477694282802299858719753239225377",
"136440181962252683631310067296458462692",
"122575508272880746612488523363151570574",
"164548836578273264233821198389692432198",
"309869416733132685266140377079494838913",
"289161301384971360487741187332433544387",
"117147511563233464147479629295932571801",
"164548836578273264233821198389692432198",
"136370859928119373804431189880326048574"
]
},
"signature_type": "Line",
"signature_version": "v1",
"id": "CVE-2022-24808-cceb5399"
},
{
"target": {
"function": "access_parse_oid",
"file": "agent/mibgroup/mibII/vacm_vars.c"
},
"source": "https://github.com/net-snmp/net-snmp/commit/67ebb43e9038b2dae6e74ae8838b36fcc10fc937",
"deprecated": false,
"digest": {
"length": 1178.0,
"function_hash": "118375497292323459652607233435155316096"
},
"signature_type": "Function",
"signature_version": "v1",
"id": "CVE-2022-24808-d58d5dff"
},
{
"target": {
"file": "agent/mibgroup/snmpv3/usmUser.c"
},
"source": "https://github.com/net-snmp/net-snmp/commit/67ebb43e9038b2dae6e74ae8838b36fcc10fc937",
"deprecated": false,
"digest": {
"threshold": 0.9,
"line_hashes": [
"211813956712650590200040513516643867245",
"200198644239406403094222802618935448258",
"246045345096052309312675647210938041228",
"298070543415549770613339386595090320174",
"275165604706423187201154191902748746246"
]
},
"signature_type": "Line",
"signature_version": "v1",
"id": "CVE-2022-24808-e04fd8d8"
},
{
"target": {
"function": "handle_nsLoggingTable",
"file": "agent/mibgroup/agent/nsLogging.c"
},
"source": "https://github.com/net-snmp/net-snmp/commit/67ebb43e9038b2dae6e74ae8838b36fcc10fc937",
"deprecated": false,
"digest": {
"length": 5403.0,
"function_hash": "183393581433958351977344098104352299955"
},
"signature_type": "Function",
"signature_version": "v1",
"id": "CVE-2022-24808-f32bf120"
}
]
vanir_signatures_modified
"2026-04-13T11:28:31Z"
source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-24808.json"