6.8

CVE-2008-2292

Buffer overflow in the __snprint_value function in snmp_get in Net-SNMP 5.1.4, 5.2.4, and 5.4.1, as used in SNMP.xs for Perl, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large OCTETSTRING in an attribute value pair (AVP).
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Net-snmpNet-snmp Version5.1.4
Net-snmpNet-snmp Version5.2.4
Net-snmpNet-snmp Version5.4.1
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 8.44% 0.943
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.8 8.6 6.4
AV:N/AC:M/Au:N/C:P/I:P/A:P
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

http://secunia.com/advisories/31467
http://www.vmware.com/security/advisories/VMSA-2008-0013.html
http://www.vupen.com/english/advisories/2008/2361
http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00000.html
http://secunia.com/advisories/30187
Vendor Advisory
http://secunia.com/advisories/30615
http://secunia.com/advisories/30647
http://secunia.com/advisories/31155
http://secunia.com/advisories/31334
http://secunia.com/advisories/31351
http://secunia.com/advisories/31568
http://secunia.com/advisories/32664
http://secunia.com/advisories/33003
http://security.gentoo.org/glsa/glsa-200808-02.xml
http://sourceforge.net/tracker/index.php?func=detail&aid=1826174&group_id=12694&atid=112694
http://sunsolve.sun.com/search/document.do?assetkey=1-26-239785-1
http://support.avaya.com/elmodocs2/security/ASA-2008-282.htm
http://www.debian.org/security/2008/dsa-1663
http://www.mandriva.com/security/advisories?name=MDVSA-2008:118
http://www.redhat.com/support/errata/RHSA-2008-0529.html
http://www.securityfocus.com/bid/29212
http://www.securitytracker.com/id?1020527
http://www.ubuntu.com/usn/usn-685-1
http://www.vupen.com/english/advisories/2008/1528/references
http://www.vupen.com/english/advisories/2008/2141/references
https://exchange.xforce.ibmcloud.com/vulnerabilities/42430
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11261
https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00363.html
https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00380.html
https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00459.html