Source: net-snmp
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security

Hi,

The following vulnerabilities were published for net-snmp.

CVE-2022-44792[0]:
| handle_ipDefaultTTL in agent/mibgroup/ip-mib/ip_scalars.c in Net-SNMP
| 5.8 through 5.9.3 has a NULL Pointer Exception bug that can be used by
| a remote attacker (who has write access) to cause the instance to
| crash via a crafted UDP packet, resulting in Denial of Service.

https://github.com/net-snmp/net-snmp/issues/474
https://gist.github.com/menglong2234/b7bc13ae1a144f47cc3c95a7ea062428

CVE-2022-44793[1]:
| handle_ipv6IpForwarding in agent/mibgroup/ip-mib/ip_scalars.c in
| Net-SNMP 5.4.3 through 5.9.3 has a NULL Pointer Exception bug that can be
| used by a remote attacker to cause the instance to crash via a crafted
| UDP packet, resulting in Denial of Service.

https://github.com/net-snmp/net-snmp/issues/475
https://gist.github.com/menglong2234/d07a65b5028145c9f4e1d1db8c4c202f

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2022-44792
    https://www.cve.org/CVERecord?id=CVE-2022-44792
[1] https://security-tracker.debian.org/tracker/CVE-2022-44793
    https://www.cve.org/CVERecord?id=CVE-2022-44793

Please adjust the affected versions in the BTS as needed.