Alerts This Week
Warning Icon 1 764
Alerts This Week
Warning Icon 1 764

Mageia: 2022-0311 Critical: Net-SNMP Buffer Overflow Risks

mageia
Calendar Grey August 29, 2022
Dist Mageia Esm H88
The latest security update MGASA-2022-0311 by Mageia tackles severe buffer overflow vulnerabilities that pose risks to memory management.
A buffer overflow in the handling of the INDEX of NET-SNMP-VACM-MIB can cause an out-of-bounds memory access

Summary

A buffer overflow in the handling of the INDEX of NET-SNMP-VACM-MIB can cause an out-of-bounds memory access. (CVE-2022-24805) Buffer overflow and out of bounds memory access. (CVE-2022-24806) A malformed OID in a SET request to SNMP-VIEW-BASED-ACM-MIB::vacmAccessTable can cause an out-of-bounds memory access. (CVE-2022-24807) A malformed OID in a SET request to NET-SNMP-AGENT-MIB::nsLogTable can cause a NULL pointer dereference. (CVE-2022-24808) A malformed OID in a GET-NEXT to the nsVacmAccessTable can cause a NULL pointer dereference. (CVE-2022-24809) A malformed OID in a SET to the nsVacmAccessTable can cause a NULL pointer dereference. (CVE-2022-24810)

References

- https://bugs.mageia.org/show_bug.cgi?id=30697

- https://ubuntu.com/security/notices/USN-5543-1

- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/FX75KKGMO5XMV6JMQZF6KOG3JPFNQBY7/

- https://lists.debian.org/debian-security-announce/2022/msg00178.html

- https://www.cve.org/CVERecord?id=CVE-2022-24805

- https://www.cve.org/CVERecord?id=CVE-2022-24806

- https://www.cve.org/CVERecord?id=CVE-2022-24807

- https://www.cve.org/CVERecord?id=CVE-2022-24808

- https://www.cve.org/CVERecord?id=CVE-2022-24809

- https://www.cve.org/CVERecord?id=CVE-2022-24810

Topics%20covered

Topics Covered

security advisory buffer overflow critical memory access network management Mageia

Resolution

SRPMS

- 8/core/net-snmp-5.9-1.1.mga8

Severity
critical
Lowest
Low
Medium
High
Critical

Publication date: 29 Aug 2022
URL: https://advisories.mageia.org/MGASA-2022-0311.html
Type: security
CVE: CVE-2022-24805, CVE-2022-24806, CVE-2022-24807, CVE-2022-24808, CVE-2022-24809, CVE-2022-24810

Topics%20covered

Topics Covered

security advisory buffer overflow critical memory access network management Mageia

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here