Vulnerability Details CVE-2022-44792
handle_ipDefaultTTL in agent/mibgroup/ip-mib/ip_scalars.c in Net-SNMP 5.8 through 5.9.3 has a NULL Pointer Exception bug that can be used by a remote attacker (who has write access) to cause the instance to crash via a crafted UDP packet, resulting in Denial of Service.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.022
EPSS Ranking 83.5%
CVSS Severity
CVSS v3 Score 6.5
References
- https://gist.github.com/menglong2234/b7bc13ae1a144f47cc3c95a7ea062428
- https://github.com/net-snmp/net-snmp/issues/474
- https://lists.debian.org/debian-lts-announce/2023/01/msg00010.html
- https://security.netapp.com/advisory/ntap-20230223-0011/
- https://gist.github.com/menglong2234/b7bc13ae1a144f47cc3c95a7ea062428
- https://github.com/net-snmp/net-snmp/issues/474
- https://lists.debian.org/debian-lts-announce/2023/01/msg00010.html
- https://security.netapp.com/advisory/ntap-20230223-0011/
Products affected by CVE-2022-44792
-
cpe:2.3:a:net-snmp:net-snmp:5.8
-
cpe:2.3:a:net-snmp:net-snmp:5.9
-
cpe:2.3:a:net-snmp:net-snmp:5.9.1
-
cpe:2.3:a:net-snmp:net-snmp:5.9.2
-
cpe:2.3:a:net-snmp:net-snmp:5.9.3
-
cpe:2.3:h:netapp:h300s:-
-
cpe:2.3:h:netapp:h410s:-
-
cpe:2.3:h:netapp:h500s:-
-
cpe:2.3:h:netapp:h700s:-
-
cpe:2.3:o:debian:debian_linux:10.0
-
cpe:2.3:o:netapp:h300s_firmware:-
-
cpe:2.3:o:netapp:h410s_firmware:-
-
cpe:2.3:o:netapp:h500s_firmware:-
-
cpe:2.3:o:netapp:h700s_firmware:-