CVE-2022-24809
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2022-24809
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-24809.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2022-24809
- Downstream
- Related
- Published
- 2024-04-16T19:56:07.108Z
- Modified
- 2025-11-28T02:34:19.223894Z
- Severity
-
- 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N CVSS Calculator
- Summary
- net-snmp: A malformed OID in a SET request to NET-SNMP-AGENT-MIB::nsLogTable can cause a NULL pointer dereference
- Details
-
net-snmp provides various tools relating to the Simple Network Management Protocol. Prior to version 5.9.2, a user with read-only credentials can use a malformed OID in a
GET-NEXTto thensVacmAccessTableto cause a NULL pointer dereference. Version 5.9.2 contains a patch. Users should use strong SNMPv3 credentials and avoid sharing the credentials. Those who must use SNMPv1 or SNMPv2c should use a complex community string and enhance the protection by restricting access to a given IP address range. - Database specific
{ "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/24xxx/CVE-2022-24809.json", "cna_assigner": "GitHub_M", "cwe_ids": [ "CWE-476" ] }- References
-
- https://bugzilla.redhat.com/show_bug.cgi?id=2103225
- https://bugzilla.redhat.com/show_bug.cgi?id=2105242
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/24xxx/CVE-2022-24809.json
- https://github.com/net-snmp/net-snmp
- https://github.com/net-snmp/net-snmp/commit/ce66eb97c17aa9a48bc079be7b65895266fa6775
- https://lists.debian.org/debian-lts-announce/2022/08/msg00020.html
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FX75KKGMO5XMV6JMQZF6KOG3JPFNQBY7/
- https://nvd.nist.gov/vuln/detail/CVE-2022-24809
- https://security.gentoo.org/glsa/202210-29
- https://www.debian.org/security/2022/dsa-5209
Affected packages
Git / github.com/net-snmp/net-snmp
Affected ranges
- Type
- GIT
- Repo
- https://github.com/net-snmp/net-snmp
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
v3.*
v3.0
v3.0.1
v3.0.2
v3.0.2.1
v3.0.3
v3.0.4
v3.0.5
v3.0.6
v3.0.7
v3.0.7.1
v3.0.7.2
v3.1
v3.1.0.1
v3.1.1
v3.1.2
v3.1.2.1
v3.1.3
v3.2
v3.3
v3.4
v3.5
v3.6
v3.6.1
v4.*
v4.0
v4.0.1
v4.1
v4.1.1
v4.2
v5.*
v5.0
v5.0.1
v5.0.10
v5.0.10.2
v5.0.11
v5.0.11.1
v5.0.2
v5.0.3
v5.0.4
v5.0.5
v5.0.6
v5.0.7
v5.0.8
v5.0.9
v5.1
v5.1.1
v5.1.2
v5.1.3
v5.1.4
v5.1.4.1
v5.2
v5.2.1
v5.2.2
v5.2.3
v5.2.4
v5.2.4.pre1
v5.2.4.pre2
v5.2.4.pre3
v5.2.4.rc1
v5.2.4.rc2
v5.2.5
v5.2.5.pre1
v5.2.5.pre2
v5.2.5.rc1
v5.2.5.rc2
v5.2.6
v5.2.6.pre1
v5.2.6.pre2
v5.2.6.rc1
v5.2.6.rc2
v5.2.6.rc3
v5.3
v5.3.1
v5.3.2
v5.3.2.pre1
v5.3.2.rc1
v5.3.3
v5.3.3.pre1
v5.3.3.rc1
v5.3.3.rc2
v5.3.4
v5.3.4.pre1
v5.3.4.pre2
v5.3.4.rc1
v5.4
v5.4.1
v5.4.1.pre1
v5.4.1.pre2
v5.4.1.pre3
v5.4.1.rc1
v5.4.1.rc2
v5.4.1.rc3
v5.4.1.rc4
v5.4.2
v5.4.2.pre1
v5.4.2.pre2
v5.4.2.rc1
v5.4.2.rc2
v5.4.2.rc3
v5.4.3
v5.4.3.pre1
v5.4.3.pre2
v5.4.3.rc1
v5.4.3.rc2
v5.4.3.rc3
v5.4.4
v5.4.4.pre1
v5.4.4.pre2
v5.4.4.rc1
v5.4.5.pre1
v5.4.5.pre2
v5.5
v5.5.1
v5.5.1.rc2
v5.5.2
v5.5.2.pre1
v5.5.2.rc1
v5.5.2.rc2
v5.5.2.rc3
v5.5.pre1
v5.5.pre2
v5.5.pre3
v5.5.rc1
v5.5.rc2
v5.5.rc3
v5.6
v5.6.1
v5.6.1.pre1
v5.6.1.pre2
v5.6.1.rc1
v5.6.1.rc2
v5.6.2
v5.6.2.pre1
v5.6.2.pre2
v5.6.2.rc1
v5.6.2.rc2
v5.6.2.rc3
v5.6.pre1
v5.6.pre2
v5.6.pre3
v5.6.rc1
v5.6.rc2
v5.6.rc3
v5.7
v5.7.1
v5.7.1.pre1
v5.7.1.pre2
v5.7.1.rc1
v5.7.1.rc2
v5.7.1.rc3
v5.7.2
v5.7.2.pre1
v5.7.2.pre2
v5.7.2.pre3
v5.7.2.rc1
v5.7.2.rc2
v5.7.2.rc3
v5.7.3
v5.7.3.pre1
v5.7.3.pre2
v5.7.3.pre3
v5.7.3.pre4
v5.7.3.pre5
v5.7.3.rc1
v5.7.3.rc2
v5.7.3.rc3
v5.7.pre1
v5.7.pre2
v5.7.rc1
v5.7.rc2
v5.7.rc3
v5.8
v5.8.1.pre1
v5.8.1.pre2
v5.8.1.rc1
v5.8.pre1
v5.8.pre2
v5.8.pre3
v5.8.rc1
v5.8.rc2
v5.8.rc3
v5.8.rc4
v5.9
v5.9.1
v5.9.1.pre1
v5.9.1.rc1
v5.9.2.pre1
v5.9.2.rc1
v5.9.2.rc2
v5.9.rc2
v5.9.verfix