Published: 25/06/2020 Updated: 02/09/2022

CVSS v2 Base Score: 4 | Impact Score: 2.9 | Exploitability Score: 8

CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8

VMScore: 356

Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P

net-snmp prior to 5.8.1.pre1 has a double free in usm_free_usmStateReference in snmplib/snmpusm.c via an SNMPv3 GetBulk request. NOTE: this affects net-snmp packages shipped to end users by multiple Linux distributions, but might not affect an upstream release.

Vulnerable Product	Search on Vulmon	Subscribe to Product
net-snmp net-snmp
oracle zfs storage appliance kit 8.8

Debian Bug report logs - #963713 net-snmp: CVE-2019-20892 Package: src:net-snmp; Maintainer for src:net-snmp is Net-SNMP Packaging Team <pkg-net-snmp-devel@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Thu, 25 Jun 2020 20:33:01 UTC Severity: grave Tags: security, upstream Foun ...

oss-sec mailing list archives   By Date By Thread </form>    [cve-request () mitre org: Re: [scr916814] net-snmp - Perhaps only unreleased development versions; fix appears to be in v581 ...

CWE-415 https://sourceforge.net/p/net-snmp/bugs/2923/https://bugzilla.redhat.com/show_bug.cgi?id=1663027 https://bugs.launchpad.net/ubuntu/+source/net-snmp/+bug/1877027 https://github.com/net-snmp/net-snmp/commit/5f881d3bf24599b90d67a45cae7a3eb099cd71c9 http://www.openwall.com/lists/oss-security/2020/06/25/4 https://usn.ubuntu.com/4410-1/https://security.gentoo.org/glsa/202008-12 https://www.oracle.com/security-alerts/cpujan2021.html https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=963713 https://nvd.nist.gov

CVE-2019-20892

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

Mailing Lists

References

Vulmon Search

About

Products

Connect