CVE-2022-24810
- Source
- https://cve.org/CVERecord?id=CVE-2022-24810
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-24810.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2022-24810
- Downstream
- Related
- Published
- 2024-04-16T19:59:41.084Z
- Modified
- 2026-06-15T12:18:37.696551760Z
- Severity
-
- 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N CVSS Calculator
- Summary
- net-snmp: A malformed OID in a SET to the nsVacmAccessTable can cause a NULL pointer dereference.
- Details
-
net-snmp provides various tools relating to the Simple Network Management Protocol. Prior to version 5.9.2, a user with read-write credentials can use a malformed OID in a SET to the nsVacmAccessTable to cause a NULL pointer dereference. Version 5.9.2 contains a patch. Users should use strong SNMPv3 credentials and avoid sharing the credentials. Those who must use SNMPv1 or SNMPv2c should use a complex community string and enhance the protection by restricting access to a given IP address range.
- Database specific
{ "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/24xxx/CVE-2022-24810.json", "cna_assigner": "GitHub_M", "cwe_ids": [ "CWE-476" ] }- References
-
- https://lists.debian.org/debian-lts-announce/2022/08/msg00020.html
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FX75KKGMO5XMV6JMQZF6KOG3JPFNQBY7/
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/24xxx/CVE-2022-24810.json
- https://nvd.nist.gov/vuln/detail/CVE-2022-24810
- https://security.gentoo.org/glsa/202210-29
- https://www.debian.org/security/2022/dsa-5209
- https://bugzilla.redhat.com/show_bug.cgi?id=2103225
- https://bugzilla.redhat.com/show_bug.cgi?id=2105241
- https://github.com/net-snmp/net-snmp/commit/ce66eb97c17aa9a48bc079be7b65895266fa6775
- https://github.com/net-snmp/net-snmp
Affected packages
Git / github.com/net-snmp/net-snmp
Affected ranges
- Type
- GIT
- Repo
- https://github.com/net-snmp/net-snmp
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixedFixed
- Database specific
{ "extracted_events": [ { "introduced": "0" }, { "fixed": "5.9.2" } ], "cpe": "cpe:2.3:a:net-snmp:net-snmp:*:*:*:*:*:*:*:*", "source": [ "CPE_RANGE", "REFERENCES" ] }
Affected versions
v3.*
v3.0
v3.0.1
v3.0.2
v3.0.2.1
v3.0.3
v3.0.4
v3.0.5
v3.0.6
v3.0.7
v3.0.7.1
v3.0.7.2
v3.1
v3.1.0.1
v3.1.1
v3.1.2
v3.1.2.1
v3.1.3
v3.2
v3.3
v3.4
v3.5
v3.6
v3.6.1
v4.*
v4.0
v4.0.1
v4.1
v4.1.1
v4.2
v5.*
v5.0
v5.0.1
v5.0.11.1
v5.0.2
v5.0.3
v5.0.4
v5.0.5
v5.0.6
v5.0.7
v5.1
v5.1.4.1
v5.2
v5.3
v5.4
v5.5
v5.5.pre1
v5.5.pre2
v5.5.pre3
v5.5.rc1
v5.5.rc2
v5.5.rc3
v5.6
v5.6.pre1
v5.6.pre2
v5.6.pre3
v5.6.rc1
v5.6.rc2
v5.6.rc3
v5.7
v5.7.pre1
v5.7.pre2
v5.7.rc1
v5.7.rc2
v5.7.rc3
v5.8
v5.8.1.pre1
v5.8.1.pre2
v5.8.1.rc1
v5.8.pre1
v5.8.pre2
v5.8.pre3
v5.8.rc1
v5.8.rc2
v5.8.rc3
v5.8.rc4
v5.9
v5.9.1
v5.9.1.pre1
v5.9.1.rc1
v5.9.2.pre1
v5.9.2.rc1
v5.9.2.rc2
v5.9.rc2
v5.9.verfix