net-snmp provides various tools relating to the Simple Network Management Protocol. Prior to version 5.9.2, a user with read-write credentials can use a malformed OID in a SET request to NET-SNMP-AGENT-MIB::nsLogTable to cause a NULL pointer dereference. Version 5.9.2 contains a patch. Users should use strong SNMPv3 credentials and avoid sharing the credentials. Those who must use SNMPv1 or SNMPv2c should use a complex community string and enhance the protection by restricting access to a given IP address range.
A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Red Hat Enterprise Linux 9 | RedHat | net-snmp-1:5.9.1-13.el9_4.3 | * |
| Red Hat Enterprise Linux 9.2 Extended Update Support | RedHat | net-snmp-1:5.9.1-11.el9_2.2 | * |
| Net-snmp | Ubuntu | bionic | * |
| Net-snmp | Ubuntu | devel | * |
| Net-snmp | Ubuntu | esm-infra/xenial | * |
| Net-snmp | Ubuntu | focal | * |
| Net-snmp | Ubuntu | impish | * |
| Net-snmp | Ubuntu | jammy | * |
| Net-snmp | Ubuntu | kinetic | * |
| Net-snmp | Ubuntu | trusty | * |
| Net-snmp | Ubuntu | trusty/esm | * |
| Net-snmp | Ubuntu | upstream | * |
| Net-snmp | Ubuntu | xenial | * |