Updated net-snmp packages fix security vulnerability
Publication date: 29 Aug 2022Type: security
Affected Mageia releases : 8
CVE: CVE-2022-24805 , CVE-2022-24806 , CVE-2022-24807 , CVE-2022-24808 , CVE-2022-24809 , CVE-2022-24810
Description
A buffer overflow in the handling of the INDEX of NET-SNMP-VACM-MIB can cause an out-of-bounds memory access. (CVE-2022-24805) Buffer overflow and out of bounds memory access. (CVE-2022-24806) A malformed OID in a SET request to SNMP-VIEW-BASED-ACM-MIB::vacmAccessTable can cause an out-of-bounds memory access. (CVE-2022-24807) A malformed OID in a SET request to NET-SNMP-AGENT-MIB::nsLogTable can cause a NULL pointer dereference. (CVE-2022-24808) A malformed OID in a GET-NEXT to the nsVacmAccessTable can cause a NULL pointer dereference. (CVE-2022-24809) A malformed OID in a SET to the nsVacmAccessTable can cause a NULL pointer dereference. (CVE-2022-24810)
References
- https://bugs.mageia.org/show_bug.cgi?id=30697
- https://ubuntu.com/security/notices/USN-5543-1
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/FX75KKGMO5XMV6JMQZF6KOG3JPFNQBY7/
- https://www.debian.org/security/2022/dsa-5209
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24805
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24806
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24807
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24808
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24809
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24810
SRPMS
8/core
- net-snmp-5.9-1.1.mga8