Bug 2103225 (CVE-2022-24805)

Summary: CVE-2022-24805 net-snmp: A buffer overflow in the handling of the INDEX of NET-SNMP-VACM-MIB can cause an out-of-bounds memory access.
Product: [Other] Security Response Reporter: Sage McTaggart <amctagga>
Component: vulnerabilityAssignee: Nobody <nobody>
Status: NEW --- QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: jridky, jsafrane, mhjacks, zdohnal
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: net-snmp 5.9.2 Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in net-snmp. A buffer overflow in the handling of the INDEX of NET-SNMP-VACM-MIB can cause an out-of-bounds memory access issue.
 Story Points: ---
Clone Of: Environment:
Last Closed: Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 2105238, 2105244, 2105245    
Bug Blocks: 2103226    

Description Sage McTaggart 2022-07-01 17:19:12 UTC 
+*5.9.2*:
+    security:
+      - These two CVEs can be exploited by a user with read-only credentials:
+          - CVE-2022-24805 A buffer overflow in the handling of the INDEX of
+            NET-SNMP-VACM-MIB can cause an out-of-bounds memory access.
+          - CVE-2022-24809 A malformed OID in a GET-NEXT to the nsVacmAccessTable
+            can cause a NULL pointer dereference.
+      - These CVEs can be exploited by a user with read-write credentials:
+          - CVE-2022-24806 Improper Input Validation when SETing malformed
+            OIDs in master agent and subagent simultaneously
+          - CVE-2022-24807 A malformed OID in a SET request to
+            SNMP-VIEW-BASED-ACM-MIB::vacmAccessTable can cause an
+            out-of-bounds memory access.
+          - CVE-2022-24808 A malformed OID in a SET request to
+            NET-SNMP-AGENT-MIB::nsLogTable can cause a NULL pointer dereference
+          - CVE-2022-24810 A malformed OID in a SET to the nsVacmAccessTable
+            can cause a NULL pointer dereference.
+      - To avoid these flaws, use strong SNMPv3 credentials and do not share them.
+        If you must use SNMPv1 or SNMPv2c, use a complex community string
+        and enhance the protection by restricting access to a given IP address range.
+      - Thanks are due to Yu Zhang of VARAS@IIE and Nanyu Zhong of VARAS@IIE for
+        reporting the following CVEs that have been fixed in this release, and
+        to Arista Networks for providing fixes.
Comment 1 Sandipan Roy 2022-07-08 10:19:38 UTC 
Created net-snmp tracking bugs for this issue:

Affects: fedora-all [bug 2105238]
Comment 4 errata-xmlrpc 2024-09-26 18:37:17 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2024:7260 https://access.redhat.com/errata/RHSA-2024:7260
Comment 5 errata-xmlrpc 2024-10-09 18:26:13 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.2 Extended Update Support

Via RHSA-2024:7875 https://access.redhat.com/errata/RHSA-2024:7875