Net Snmp

Do you want an email whenever new security vulnerabilities are reported in Net Snmp?

By the Year

In 2022 there have been 0 vulnerabilities in Net Snmp . Net Snmp did not have any published security vulnerabilities last year.

Year	Vulnerabilities	Average Score
2022	0	0.00
2021	0	0.00
2020	3	7.37
2019	0	0.00
2018	3	7.93

It may take a day or so for new Net Snmp vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Net Snmp Security Vulnerabilities

Net-SNMP through 5.7.3

CVE-2020-15861 7.8 - High - August 20, 2020

Net-SNMP through 5.7.3 allows Escalation of Privileges because of UNIX symbolic link (symlink) following.

insecure temporary file

Net-SNMP through 5.7.3 has Improper Privilege Management

CVE-2020-15862 7.8 - High - August 20, 2020

Net-SNMP through 5.7.3 has Improper Privilege Management because SNMP WRITE access to the EXTEND MIB provides the ability to run arbitrary commands as root.

Improper Privilege Management

net-snmp before 5.8.1.pre1 has a double free in usm_free_usmStateReference in snmplib/snmpusm.c via an SNMPv3 GetBulk request

CVE-2019-20892 6.5 - Medium - June 25, 2020

net-snmp before 5.8.1.pre1 has a double free in usm_free_usmStateReference in snmplib/snmpusm.c via an SNMPv3 GetBulk request. NOTE: this affects net-snmp packages shipped to end users by multiple Linux distributions, but might not affect an upstream release.

Double-free

_set_key in agent/helpers/table_container.c in Net-SNMP before 5.8 has a NULL Pointer Exception bug

CVE-2018-18065 6.5 - Medium - October 08, 2018

_set_key in agent/helpers/table_container.c in Net-SNMP before 5.8 has a NULL Pointer Exception bug that can be used by an authenticated attacker to remotely cause the instance to crash via a crafted UDP packet, resulting in Denial of Service.

NULL Pointer Dereference

snmp_oid_compare in snmplib/snmp_api.c in Net-SNMP before 5.8 has a NULL Pointer Exception bug

CVE-2018-18066 7.5 - High - October 08, 2018

snmp_oid_compare in snmplib/snmp_api.c in Net-SNMP before 5.8 has a NULL Pointer Exception bug that can be used by an unauthenticated attacker to remotely cause the instance to crash via a crafted UDP packet, resulting in Denial of Service.

NULL Pointer Dereference

NET-SNMP version 5.7.2 contains a heap corruption vulnerability in the UDP protocol handler

CVE-2018-1000116 9.8 - Critical - March 07, 2018

NET-SNMP version 5.7.2 contains a heap corruption vulnerability in the UDP protocol handler that can result in command execution.

Memory Corruption

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Debian Linux or by Net Snmp? Click the Watch button to subscribe.

Net Snmp
Vendor

Net Snmp
Product

Net Snmp

By the Year

Recent Net Snmp Security Vulnerabilities

Net-SNMP through 5.7.3 CVE-2020-15861 7.8 - High - August 20, 2020

Net-SNMP through 5.7.3 has Improper Privilege Management CVE-2020-15862 7.8 - High - August 20, 2020

net-snmp before 5.8.1.pre1 has a double free in usm_free_usmStateReference in snmplib/snmpusm.c via an SNMPv3 GetBulk request CVE-2019-20892 6.5 - Medium - June 25, 2020

_set_key in agent/helpers/table_container.c in Net-SNMP before 5.8 has a NULL Pointer Exception bug CVE-2018-18065 6.5 - Medium - October 08, 2018

snmp_oid_compare in snmplib/snmp_api.c in Net-SNMP before 5.8 has a NULL Pointer Exception bug CVE-2018-18066 7.5 - High - October 08, 2018

NET-SNMP version 5.7.2 contains a heap corruption vulnerability in the UDP protocol handler CVE-2018-1000116 9.8 - Critical - March 07, 2018