SUSE-SU-2022:4205-2

CVE-2022-24805: Fixed a buffer overflow in the handling of the INDEX of NET-SNMP-VACM-MIB that can cause an out-of-bounds memory access.
CVE-2022-24809: Fixed a malformed OID in a GET-NEXT to the nsVacmAccessTable that can cause a NULL pointer dereference.
CVE-2022-24806: Fixed an improper Input Validation when SETing malformed OIDs in master agent and subagent simultaneously.
CVE-2022-24807: Fixed a malformed OID in a SET request to SNMP-VIEW-BASED-ACM-MIB::vacmAccessTable can cause an out-of-bounds memory access.
CVE-2022-24808: Fixed a malformed OID in a SET request to NET-SNMP-AGENT-MIB::nsLogTable can cause a NULL pointer dereference.
CVE-2022-24810: Fixed a malformed OID in a SET to the nsVacmAccessTable can cause a NULL pointer dereference.

References

Affected packages

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.9.3-150300.15.3.1

{
    "binaries": [
        {
            "snmp-mibs": "5.9.3-150300.15.3.1",
            "libsnmp40": "5.9.3-150300.15.3.1"
        }
    ]
}

"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2022:4205-2.json"

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.9.3-150300.15.3.1

{
    "binaries": [
        {
            "snmp-mibs": "5.9.3-150300.15.3.1",
            "libsnmp40": "5.9.3-150300.15.3.1"
        }
    ]
}

"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2022:4205-2.json"