OESA-2022-1888

Source
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2022-1888
Import Source
https://repo.openeuler.org/security/data/osv/OESA-2022-1888.json
JSON Data
https://api.test.osv.dev/v1/vulns/OESA-2022-1888
Upstream
Published
2022-09-02T11:04:14Z
Modified
2025-08-12T05:12:54.755262Z
Summary
net-snmp security update
Details

Net-SNMP is a suite of applications used to implement SNMP v1, SNMP v2c and SNMP v3 using both IPv4 and IPv6. The suite includes:

    • An extensible agent for responding to SNMP queries including built-in support for a wide range of MIB information modules
    • Command-line applications to retrieve and manipulate information from SNMP-capable devices
    • A daemon application for receiving SNMP notifications
    • A library for developing new SNMP applications, with C and Perl APIs
    • A graphical MIB browser.

Security Fix(es):

https://github.com/net-snmp/net-snmp/blob/v5.9.2/CHANGES CVE-2022-24809 A malformed OID in a GET-NEXT to the nsVacmAccessTable can cause a NULL pointer dereference. (CVE-2022-24809)

CVE-2022-24807 A malformed OID in a SET request to SNMP-VIEW-BASED-ACM-MIB::vacmAccessTable can cause an out-of-bounds memory access. https://github.com/net-snmp/net-snmp/blob/v5.9.2/CHANGES (CVE-2022-24807)

https://github.com/net-snmp/net-snmp/blob/v5.9.2/CHANGES

CVE-2022-24808 A malformed OID in a SET request to NET-SNMP-AGENT-MIB::nsLogTable can cause a NULL pointer dereference (CVE-2022-24808)

+5.9.2: + security: + - These two CVEs can be exploited by a user with read-only credentials: + - CVE-2022-24805 A buffer overflow in the handling of the INDEX of + NET-SNMP-VACM-MIB can cause an out-of-bounds memory access. + - CVE-2022-24809 A malformed OID in a GET-NEXT to the nsVacmAccessTable + can cause a NULL pointer dereference. + - These CVEs can be exploited by a user with read-write credentials: + - CVE-2022-24806 Improper Input Validation when SETing malformed + OIDs in master agent and subagent simultaneously + - CVE-2022-24807 A malformed OID in a SET request to + SNMP-VIEW-BASED-ACM-MIB::vacmAccessTable can cause an + out-of-bounds memory access. + - CVE-2022-24808 A malformed OID in a SET request to + NET-SNMP-AGENT-MIB::nsLogTable can cause a NULL pointer dereference + - CVE-2022-24810 A malformed OID in a SET to the nsVacmAccessTable + can cause a NULL pointer dereference. + - To avoid these flaws, use strong SNMPv3 credentials and do not share them. + If you must use SNMPv1 or SNMPv2c, use a complex community string + and enhance the protection by restricting access to a given IP address range. + - Thanks are due to Yu Zhang of VARAS@IIE and Nanyu Zhong of VARAS@IIE for + reporting the following CVEs that have been fixed in this release, and + to Arista Networks for providing fixes.(CVE-2022-24805)

https://github.com/net-snmp/net-snmp/blob/v5.9.2/CHANGES CVE-2022-24810 A malformed OID in a SET to the nsVacmAccessTable can cause a NULL pointer dereference. (CVE-2022-24810)

From https://github.com/net-snmp/net-snmp/blob/v5.9.2/CHANGES CVE-2022-24806 Improper Input Validation when SETing malformed OIDs in master agent and subagent simultaneously (CVE-2022-24806)

Database specific
{
    "severity": "Medium"
}
References

Affected packages

openEuler:20.03-LTS-SP1 / net-snmp

Package

Name
net-snmp
Purl
pkg:rpm/openEuler/net-snmp&distro=openEuler-20.03-LTS-SP1

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
5.9-6.oe1

Ecosystem specific

{
    "aarch64": [
        "net-snmp-5.9-6.oe1.aarch64.rpm",
        "net-snmp-debuginfo-5.9-6.oe1.aarch64.rpm",
        "net-snmp-perl-5.9-6.oe1.aarch64.rpm",
        "python3-net-snmp-5.9-6.oe1.aarch64.rpm",
        "net-snmp-libs-5.9-6.oe1.aarch64.rpm",
        "net-snmp-gui-5.9-6.oe1.aarch64.rpm",
        "net-snmp-devel-5.9-6.oe1.aarch64.rpm",
        "net-snmp-debugsource-5.9-6.oe1.aarch64.rpm"
    ],
    "src": [
        "net-snmp-5.9-6.oe1.src.rpm"
    ],
    "x86_64": [
        "python3-net-snmp-5.9-6.oe1.x86_64.rpm",
        "net-snmp-debuginfo-5.9-6.oe1.x86_64.rpm",
        "net-snmp-debugsource-5.9-6.oe1.x86_64.rpm",
        "net-snmp-devel-5.9-6.oe1.x86_64.rpm",
        "net-snmp-5.9-6.oe1.x86_64.rpm",
        "net-snmp-gui-5.9-6.oe1.x86_64.rpm",
        "net-snmp-perl-5.9-6.oe1.x86_64.rpm",
        "net-snmp-libs-5.9-6.oe1.x86_64.rpm"
    ],
    "noarch": [
        "net-snmp-help-5.9-6.oe1.noarch.rpm"
    ]
}

openEuler:20.03-LTS-SP3 / net-snmp

Package

Name
net-snmp
Purl
pkg:rpm/openEuler/net-snmp&distro=openEuler-20.03-LTS-SP3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
5.9-6.oe1

Ecosystem specific

{
    "aarch64": [
        "net-snmp-devel-5.9-6.oe1.aarch64.rpm",
        "python3-net-snmp-5.9-6.oe1.aarch64.rpm",
        "net-snmp-5.9-6.oe1.aarch64.rpm",
        "net-snmp-libs-5.9-6.oe1.aarch64.rpm",
        "net-snmp-gui-5.9-6.oe1.aarch64.rpm",
        "net-snmp-debuginfo-5.9-6.oe1.aarch64.rpm",
        "net-snmp-debugsource-5.9-6.oe1.aarch64.rpm",
        "net-snmp-perl-5.9-6.oe1.aarch64.rpm"
    ],
    "src": [
        "net-snmp-5.9-6.oe1.src.rpm"
    ],
    "x86_64": [
        "net-snmp-debugsource-5.9-6.oe1.x86_64.rpm",
        "net-snmp-gui-5.9-6.oe1.x86_64.rpm",
        "net-snmp-devel-5.9-6.oe1.x86_64.rpm",
        "net-snmp-perl-5.9-6.oe1.x86_64.rpm",
        "python3-net-snmp-5.9-6.oe1.x86_64.rpm",
        "net-snmp-5.9-6.oe1.x86_64.rpm",
        "net-snmp-debuginfo-5.9-6.oe1.x86_64.rpm",
        "net-snmp-libs-5.9-6.oe1.x86_64.rpm"
    ],
    "noarch": [
        "net-snmp-help-5.9-6.oe1.noarch.rpm"
    ]
}

openEuler:22.03-LTS / net-snmp

Package

Name
net-snmp
Purl
pkg:rpm/openEuler/net-snmp&distro=openEuler-22.03-LTS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
5.9.1-3.oe2203

Ecosystem specific

{
    "aarch64": [
        "net-snmp-perl-5.9.1-3.oe2203.aarch64.rpm",
        "net-snmp-debuginfo-5.9.1-3.oe2203.aarch64.rpm",
        "net-snmp-devel-5.9.1-3.oe2203.aarch64.rpm",
        "net-snmp-gui-5.9.1-3.oe2203.aarch64.rpm",
        "net-snmp-libs-5.9.1-3.oe2203.aarch64.rpm",
        "net-snmp-debugsource-5.9.1-3.oe2203.aarch64.rpm",
        "net-snmp-5.9.1-3.oe2203.aarch64.rpm",
        "python3-net-snmp-5.9.1-3.oe2203.aarch64.rpm"
    ],
    "src": [
        "net-snmp-5.9.1-3.oe2203.src.rpm"
    ],
    "x86_64": [
        "net-snmp-5.9.1-3.oe2203.x86_64.rpm",
        "net-snmp-gui-5.9.1-3.oe2203.x86_64.rpm",
        "python3-net-snmp-5.9.1-3.oe2203.x86_64.rpm",
        "net-snmp-perl-5.9.1-3.oe2203.x86_64.rpm",
        "net-snmp-debuginfo-5.9.1-3.oe2203.x86_64.rpm",
        "net-snmp-debugsource-5.9.1-3.oe2203.x86_64.rpm",
        "net-snmp-devel-5.9.1-3.oe2203.x86_64.rpm",
        "net-snmp-libs-5.9.1-3.oe2203.x86_64.rpm"
    ],
    "noarch": [
        "net-snmp-help-5.9.1-3.oe2203.noarch.rpm"
    ]
}