CVE-2019-9162

Published: 25/02/2019 | Updated: 05/04/2022
CVSS v2 Base Score: 4.6 | Impact Score: 6.4 | Exploitability Score: 3.9
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
VMScore: 466
Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

In the Linux kernel prior to 4.20.12, net/ipv4/netfilter/nf_nat_snmp_basic_main.c in the SNMP NAT module has insufficient ASN.1 length checks (aka an array index error), making out-of-bounds read and write operations possible, leading to an OOPS or local privilege escalation. This affects snmp_version and snmp_helper.

Vulnerable Product

linux linux kernel

netapp hci management node -

netapp snapprotect -

netapp solidfire -

canonical ubuntu linux 18.04

canonical ubuntu linux 18.10

netapp cn1610_firmware -

Vendor Advisories

Several security issues were fixed in the Linux kernel ...
Impact: Moderate Public Date: 2019-02-06 CWE: CWE-119 Bugzilla: 1683191: CVE-2019-9162 kernel: out-of-b ...

Exploits

commit cc2d58634e0f ("netfilter: nf_nat_snmp_basic: use asn1 decoder library", first in 4.16) changed the nf_nat_snmp_basic module (which, when enabled, parses and modifies the ASN1-encoded payloads of SNMP messages) so that the kernel's ASN1 infrastructure is used instead of an open-coded parser. The common ASN1 decoder can invoke callbacks whe ...

Mailing Lists

oss-sec mailing list archives: Re: Linux kernel: OOB R/W in SNMP NAT module (CVE-2019-9162); virtual address 0 mappable (CVE-2019-9213) ...

Github Repositories

imx yocto30

What is meta-timesys? This Yocto layer provides scripts for image manifest generation used for security monitoring and notification as part of the Timesys Vigiles product offering. What is Vigiles? Vigiles is a vulnerability management tool that provides build-time Yocto CVE Analysis of target images. It does this by collecting metadata about packages to be installed and upload

Vulnerability management tool that provides Yocto SBOM generation and CVE Analysis of target images.
