ELA-815-1 net-snmp security update

Denial of Service

2023-03-13
Package: net-snmp
Version: 5.7.2.1+dfsg-1+deb8u6 (jessie), 5.7.3+dfsg-1.7+deb9u5 (stretch)
Related CVEs: CVE-2022-44792, CVE-2022-44793


A couple of vulnerabilities were reported in net-snmp (Simple Network Management Protocol agents), resulting in a denial of service.

CVE-2022-44792

handle_ipDefaultTTL in agent/mibgroup/ip-mib/ip_scalars.c in Net-SNMP
has a NULL Pointer Exception bug that can be used by a remote attacker
(who has write access) to cause the instance to crash via a crafted UDP
packet, resulting in Denial of Service.

CVE-2022-44793

handle_ipv6IpForwarding in agent/mibgroup/ip-mib/ip_scalars.c in Net-SNMP
has a NULL Pointer Exception bug that can be used by a remote attacker to
cause the instance to crash via a crafted UDP packet, resulting in
Denial of Service.


For Debian 8 jessie, these problems have been fixed in version 5.7.2.1+dfsg-1+deb8u6.

For Debian 9 stretch, these problems have been fixed in version 5.7.3+dfsg-1.7+deb9u5.

We recommend that you upgrade your net-snmp packages.
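
To confirm that a host is at or above the fixed versions listed above, the following added example (not part of the original advisory or of the net-snmp or Debian code) compares installed package versions using Debian's version ordering rules. The package names and the sample listing are constructed for illustration; on a real host the listing would come from `dpkg-query -W`.

```python
import re

# Fixed versions as stated in this advisory.
FIXED = {"jessie": "5.7.2.1+dfsg-1+deb8u6", "stretch": "5.7.3+dfsg-1.7+deb9u5"}

def _order(c):
    # '~' sorts before everything; end-of-string and digits next; letters; then symbols.
    if c == "" or c.isdigit():
        return 0
    return -1 if c == "~" else ord(c) if c.isalpha() else ord(c) + 256

def _cmp_part(a, b):
    # Alternate between non-digit runs (character order) and digit runs (numeric).
    i = j = 0
    while i < len(a) or j < len(b):
        while (i < len(a) and not a[i].isdigit()) or (j < len(b) and not b[j].isdigit()):
            oa = _order(a[i] if i < len(a) else "")
            ob = _order(b[j] if j < len(b) else "")
            if oa != ob:
                return -1 if oa < ob else 1
            i, j = i + 1, j + 1
        da, db = re.match(r"\d*", a[i:]).group(), re.match(r"\d*", b[j:]).group()
        if int(da or 0) != int(db or 0):
            return -1 if int(da or 0) < int(db or 0) else 1
        i, j = i + len(da), j + len(db)
    return 0

def _split(v):
    epoch, rest = v.split(":", 1) if ":" in v else ("0", v)
    upstream, rev = rest.rsplit("-", 1) if "-" in rest else (rest, "")
    return int(epoch), upstream, rev

def compare(v1, v2):
    (e1, u1, r1), (e2, u2, r2) = _split(v1), _split(v2)
    return (e1 > e2) - (e1 < e2) or _cmp_part(u1, u2) or _cmp_part(r1, r2)

def unpatched(release, listing):
    """Return (package, version) pairs older than the fixed version for the release."""
    rows = (line.split() for line in listing.splitlines() if line.strip())
    return [(p, v) for p, v in rows if compare(v, FIXED[release]) < 0]

# Constructed sample, shaped like: dpkg-query -W -f='${Package} ${Version}\n'
SAMPLE_STRETCH = """\
snmpd 5.7.3+dfsg-1.7+deb9u3
libsnmp30 5.7.3+dfsg-1.7+deb9u5
"""

if __name__ == "__main__":
    print(unpatched("stretch", SAMPLE_STRETCH))
```

A plain string comparison would misorder revisions such as `deb8u10` and `deb8u6`, which is why the digit runs are compared numerically.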

Further information about Extended LTS security advisories can be found in the dedicated section of our website.