CVE-2008-2292

Summary

CVE	CVE-2008-2292
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2008-05-18 14:20:00 UTC
Updated	2017-09-29 01:31:00 UTC
Description	Buffer overflow in the __snprint_value function in snmp_get in Net-SNMP 5.1.4, 5.2.4, and 5.4.1, as used in SNMP.xs for Perl, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large OCTETSTRING in an attribute value pair (AVP).

Risk And Classification

Problem Types: CWE-119

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Application	Net-snmp	Net-snmp	5.1.4	All	All	All
Application	Net-snmp	Net-snmp	5.2.4	All	All	All
Application	Net-snmp	Net-snmp	5.4.1	All	All	All
Application	Net-snmp	Net-snmp	5.1.4	All	All	All
Application	Net-snmp	Net-snmp	5.2.4	All	All	All
Application	Net-snmp	Net-snmp	5.4.1	All	All	All

References

Reference	Source	Link	Tags
VUPEN Security - Offensive Cyber Security	VUPEN	www.vupen.com
Debian -- Security Information -- DSA-1663-1 net-snmp	DEBIAN	www.debian.org
Fedora update for net-snmp - Secunia Advisories - Vulnerability Intelligence - Secunia.com	SECUNIA	secunia.com
Net-SNMP: Multiple vulnerabilities — Gentoo Linux Documentation	GENTOO	security.gentoo.org
Webmail : Solution de messagerie professionnelle - OVHcloud- OVH	VUPEN	www.vupen.com
USN-685-1: Net-SNMP vulnerabilities \| Ubuntu	UBUNTU	www.ubuntu.com
Support / Security / Advisories / / MDVSA-2008:118 \| Mandriva	MANDRIVA	www.mandriva.com
Webmail : Solution de messagerie professionnelle - OVHcloud- OVH	VUPEN	www.vupen.com
Repository / Oval Repository	OVAL	oval.cisecurity.org
VMSA-2008-0013.3 - VMware	CONFIRM	www.vmware.com
Avaya Products Net-snmp Multiple Vulnerabilities - Secunia Advisories - Vulnerability Intelligence - Secunia.com	SECUNIA	secunia.com
Support \| Red Hat	REDHAT	www.redhat.com
IBM X-Force Exchange	XF	exchange.xforce.ibmcloud.com
SUSE update for net-snmp - Secunia Advisories - Vulnerability Intelligence - Secunia.com	SECUNIA	secunia.com
Gentoo update for net-snmp - Secunia Advisories - Vulnerability Intelligence - Secunia.com	SECUNIA	secunia.com
[SECURITY] Fedora 7 Update: net-snmp-5.4-18.fc7	FEDORA	www.redhat.com
Sun Solaris System Management Agent SNMP Daemon Buffer Overflow - Secunia Advisories - Vulnerability Intelligence - Secunia.com	SECUNIA	secunia.com
[security-announce] SUSE Security Announcement: net-snmp (SUSE-SA:2008:0	SUSE	lists.opensuse.org
[SECURITY] Fedora 8 Update: net-snmp-5.4.1-7.fc8	FEDORA	www.redhat.com
239785	SUNALERT	sunsolve.sun.com
Security Advisory SA32664 - Debian update for net-snmp - Secunia	SECUNIA	secunia.com
[SECURITY] Fedora 9 Update: net-snmp-5.4.1-18.fc9	FEDORA	www.redhat.com
VMware updates for OpenSSL, net-snmp, and perl - Secunia Advisories - Vulnerability Intelligence - Secunia.com	SECUNIA	secunia.com
ASA-2008-282 (RHSA-2008-0529)	CONFIRM	support.avaya.com
Net-SNMP Perl Module Buffer Overflow Vulnerability	BID	www.securityfocus.com
Ubuntu update for net-snmp - Secunia Advisories - Vulnerability Intelligence - Secunia.com	SECUNIA	secunia.com
net-snmp / Bugs / #1894 snmp_get limits ASN1 OCTETSTRING length [CVE-2008-2292]	CONFIRM	sourceforge.net
Red Hat update for net-snmp - Secunia Advisories - Vulnerability Intelligence - Secunia.com	SECUNIA	secunia.com
Net-snmp Perl Module "__snprint_value()" Buffer Overflow - Advisories - Secunia	SECUNIA	secunia.com	Vendor Advisory
Net-snmp Buffer Overflow in __snprint_value() May Let Remote Users Execute Arbitrary Code - SecurityTracker	SECTRACK	www.securitytracker.com
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

There are currently no legacy QID mappings associated with this CVE.