CVE-2008-4309

Summary

CVE: CVE-2008-4309
State: PUBLIC
Assigner: [email protected]
Source Priority: CVE Program / NVD first with legacy fallback
Published: 2008-10-31 20:29:00 UTC
Updated: 2023-11-07 02:02:00 UTC
Description: Integer overflow in the netsnmp_create_subtree_cache function in agent/snmp_agent.c in net-snmp 5.4 before 5.4.2.1, 5.3 before 5.3.2.3, and 5.2 before 5.2.5.1 allows remote attackers to cause a denial of service (crash) via a crafted SNMP GETBULK request, which triggers a heap-based buffer overflow, related to the number of responses or repeats.

Risk And Classification

Problem Types: CWE-20

NVD Known Affected Configurations (CPE 2.3)

Type Vendor Product Version Update Edition Language
Application Net-snmp Net-snmp 5.2.5 All All All
Application Net-snmp Net-snmp 5.3.2.2 All All All
Application Net-snmp Net-snmp 5.4 All All All

References

Reference Source Link Tags
Net-snmp GETBULK Integer Overflow Denial of Service - Secunia Advisories - Vulnerability Information - Secunia.com SECUNIA secunia.com
Debian -- Security Information -- DSA-1663-1 net-snmp DEBIAN www.debian.org
SourceForge.net: News: Security releases: 5.4.2.1, 5.3.2.3 and 5.2.5.1 CONFIRM sourceforge.net
USN-685-1: Net-SNMP vulnerabilities | Ubuntu UBUNTU www.ubuntu.com
IBM X-Force Exchange XF exchange.xforce.ibmcloud.com
Net-SNMP GETBULK Remote Denial of Service Vulnerability BID www.securityfocus.com
SUSE update for net-snmp - Secunia Advisories - Vulnerability Intelligence - Secunia.com SECUNIA secunia.com
Sun Solaris SNMP Daemon Denial of Service Vulnerability - Secunia Advisories - Vulnerability Information - Secunia.com SECUNIA secunia.com
Webmail - OVH VUPEN www.vupen.com
About the security content of Time Capsule and AirPort Base Station (802.11n) Firmware 7.5.2 CONFIRM support.apple.com
rPath update for net-snmp - Secunia.com SECUNIA secunia.com
Net-SNMP: Denial of Service — Gentoo Linux Documentation GENTOO security.gentoo.org
Repository / Oval Repository OVAL oval.cisecurity.org
Webmail : Solution de messagerie professionnelle - OVHcloud- OVH VUPEN www.vupen.com
VMware ESX Server update for net-snmp and libxml2 - Secunia Advisories - Vulnerability Intelligence - Secunia.com SECUNIA secunia.com
Security Advisory SA33631 - Gentoo update for net-snmp - Secunia SECUNIA secunia.com
469349 – (CVE-2008-4309) CVE-2008-4309 net-snmp: numresponses calculation integer overflow in snmp_agent.c MISC bugzilla.redhat.com
Apple Mac OS X Security Update Fixes Multiple Vulnerabilities - Secunia Advisories - Vulnerability Information - Secunia.com SECUNIA secunia.com
Avaya Products Net-snmp GETBULK Denial of Service - Secunia Advisories - Vulnerability Intelligence - Secunia.com SECUNIA secunia.com
About the security content of Security Update 2009-002 / Mac OS X v10.5.7 CONFIRM support.apple.com
US-CERT Technical Cyber Security Alert TA09-133A -- Apple Updates for Multiple Vulnerabilities CERT www.us-cert.gov US Government Resource
404 Not Found MISC net-snmp.svn.sourceforge.net Vendor Advisory
Webmail : Solution de messagerie professionnelle - OVHcloud- OVH VUPEN www.vupen.com
SecurityFocus BUGTRAQ www.securityfocus.com
Support / Security / Advisories / / MDVSA-2008:225 | Mandriva MANDRIVA www.mandriva.com
Red Hat Customer Portal MISC access.redhat.com
ASA-2008-467 (RHSA-2008-0971) CONFIRM support.avaya.com
Repository / Oval Repository OVAL oval.cisecurity.org
Webmail : Solution de messagerie professionnelle - OVHcloud- OVH VUPEN www.vupen.com
APPLE-SA-2010-12-16-1 Time Capsule and AirPort Base Station (802.11n) Firmware 7.5.2 APPLE lists.apple.com
Security Advisory SA32664 - Debian update for net-snmp - Secunia SECUNIA secunia.com
262908 SUNALERT sunsolve.sun.com
Advisories:rPSA-2008-0315 - rPath Wiki CONFIRM wiki.rpath.com
Red Hat update for net-snmp - Secunia.com SECUNIA secunia.com
oss-security - New net-snmp DoS MLIST www.openwall.com
APPLE-SA-2009-05-12 Security Update 2009-002 / Mac OS X v10.5.7 APPLE lists.apple.com
Support REDHAT www.redhat.com
Net-snmp GETBULK Request Processing Bug Lets Remote Users Deny Service - SecurityTracker SECTRACK www.securitytracker.com
Webmail - OVH VUPEN www.vupen.com
VMSA-2009-0001 - VMware CONFIRM www.vmware.com
Ubuntu update for net-snmp - Secunia Advisories - Vulnerability Intelligence - Secunia.com SECUNIA secunia.com
access.redhat.com | CVE-2008-4309 MISC access.redhat.com
[security-announce] SUSE Security Summary Report: SUSE-SR:2009:003 SUSE lists.opensuse.org
Repository / Oval Repository OVAL oval.cisecurity.org
'[security bulletin] HPSBMA02447 SSRT090062 rev.1 - Insight Control Suite For Linux (ICE-LX) Cross Si' - MARC HP marc.info
CVE Program record CVE.ORG www.cve.org canonical
NVD vulnerability detail NVD nvd.nist.gov canonical, analysis