| Package | net-snmp |
|---|---|
| Version | 5.7.2.1+dfsg-1+deb8u6 (jessie), 5.7.3+dfsg-1.7+deb9u5 (stretch) |
| Related CVEs | CVE-2022-44792 CVE-2022-44793 |
net-snmp, Simple Network Management Protocol agents, were reported to have a couple of vulnerabilities, resulting in a denial of service.
CVE-2022-44792
handle_ipDefaultTTL in agent/mibgroup/ip-mib/ip_scalars.c in Net-SNMP
has a NULL Pointer Exception bug that can be used by a remote attacker
(who has write access) to cause the instance to crash via a crafted UDP
packet, resulting in Denial of Service.
CVE-2022-44793
handle_ipv6IpForwarding in agent/mibgroup/ip-mib/ip_scalars.c in Net-SNMP
has a NULL Pointer Exception bug that can be used by a remote attacker to
cause the instance to crash via a crafted UDP packet, resulting in
Denial of Service.
For Debian 8 jessie, these problems have been fixed in version 5.7.2.1+dfsg-1+deb8u6.
For Debian 9 stretch, these problems have been fixed in version 5.7.3+dfsg-1.7+deb9u5.
We recommend that you upgrade your net-snmp packages.
Further information about Extended LTS security advisories can be found in the dedicated section of our website.