Zurück zur CVE-Übersicht
CVE-2008-4309
HIGH(7.5)CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Risk Signal Score22/100 — NIEDRIG
- CVSS 7.5 — Hoch
EPSS-Score
11%
Exploit-Wahrscheinlichkeit (30 Tage)
CVSS Score
7.5
Technische Schwere
Beschreibung
Integer overflow in the netsnmp_create_subtree_cache function in agent/snmp_agent.c in net-snmp 5.4 before 5.4.2.1, 5.3 before 5.3.2.3, and 5.2 before 5.2.5.1 allows remote attackers to cause a denial of service (crash) via a crafted SNMP GETBULK request, which triggers a heap-based buffer overflow, related to the number of responses or repeats.
Referenzen
- http://lists.apple.com/archives/security-announce/2009/May/msg00002.html
- http://lists.apple.com/archives/security-announce/2010//Dec/msg00001.html
- http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00000.html
- http://marc.info/?l=bugtraq&m=125017764422557&w=2
- http://net-snmp.svn.sourceforge.net/viewvc/net-snmp/tags/Ext-5-2-5-1/net-snmp/ag...
- http://secunia.com/advisories/32539
- http://secunia.com/advisories/32560
- http://secunia.com/advisories/32664
- http://secunia.com/advisories/32711
- http://secunia.com/advisories/33003