CVE-2008-4309

EPSS 10.68%
Veröffentlicht 31.10.2008 20:29:09
Zuletzt bearbeitet 09.04.2025 00:30:58
Quelle secalert@redhat.com
CVE-Watchlists
Login
Unerledigt
Login

Integer overflow in the netsnmp_create_subtree_cache function in agent/snmp_agent.c in net-snmp 5.4 before 5.4.2.1, 5.3 before 5.3.2.3, and 5.2 before 5.2.5.1 allows remote attackers to cause a denial of service (crash) via a crafted SNMP GETBULK request, which triggers a heap-based buffer overflow,  related to the number of responses or repeats.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 45

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Net-snmp ≫ Net-snmp Version5.2.5

Net-snmp ≫ Net-snmp Version5.3.2.2

Net-snmp ≫ Net-snmp Version5.4

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	10.68%	0.93

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:N/I:N/A:P

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://lists.apple.com/archives/security-announce/2009/May/msg00002.html

http://secunia.com/advisories/35074

http://support.apple.com/kb/HT3549

http://www.us-cert.gov/cas/techalerts/TA09-133A.html

US Government Resource

http://www.vupen.com/english/advisories/2009/1297

http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00000.html

http://marc.info/?l=bugtraq&m=125017764422557&w=2

http://secunia.com/advisories/32664

http://secunia.com/advisories/33003

http://www.debian.org/security/2008/dsa-1663

http://www.ubuntu.com/usn/usn-685-1