CVE-2019-20892MEDIUM
Description
net-snmp before 5.8.1.pre1 has a double free in usm_free_usmStateReference in snmplib/snmpusm.c via an SNMPv3 GetBulk request. NOTE: this affects net-snmp packages shipped to end users by multiple Linux distributions, but might not affect an upstream release.
References
http://www.openwall.com/lists/oss-security/2020/06/25/4
https://bugs.launchpad.net/ubuntu/+source/net-snmp/+bug/1877027
https://bugzilla.redhat.com/show_bug.cgi?id=1663027
https://github.com/net-snmp/net-snmp/commit/5f881d3bf24599b90d67a45cae7a3eb099cd71c9
https://security.gentoo.org/glsa/202008-12
https://sourceforge.net/p/net-snmp/bugs/2923/
Details
Source: MITRE
Published: 2020-06-25
Updated: 2021-01-20
Type: CWE-415
Risk Information
CVSS v2.0
Base Score: 4
Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P
Impact Score: 2.9
Exploitability Score: 8
Severity: MEDIUM
CVSS v3.0
Base Score: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Impact Score: 3.6
Exploitability Score: 2.8
Severity: MEDIUM
Vulnerable Software
Configuration 1
OR
cpe:2.3:a:net-snmp:net-snmp:*:*:*:*:*:*:*:* versions up to 5.8 (inclusive)
Tenable Plugins
| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 143110 | F5 Networks BIG-IP : SNMP vulnerability (K45212738) | Nessus | F5 Networks Local Security Checks | medium |
| 142584 | EulerOS Virtualization 3.0.6.6 : net-snmp (EulerOS-SA-2020-2470) | Nessus | Huawei Local Security Checks | medium |
| 142257 | EulerOS 2.0 SP2 : net-snmp (EulerOS-SA-2020-2370) | Nessus | Huawei Local Security Checks | high |
| 142109 | EulerOS 2.0 SP5 : net-snmp (EulerOS-SA-2020-2259) | Nessus | Huawei Local Security Checks | medium |
| 140823 | EulerOS 2.0 SP3 : net-snmp (EulerOS-SA-2020-2056) | Nessus | Huawei Local Security Checks | high |
| 140324 | EulerOS Virtualization for ARM 64 3.0.2.0 : net-snmp (EulerOS-SA-2020-1954) | Nessus | Huawei Local Security Checks | medium |
| 140009 | EulerOS Virtualization for ARM 64 3.0.6.0 : net-snmp (EulerOS-SA-2020-1906) | Nessus | Huawei Local Security Checks | medium |
| 139888 | GLSA-202008-12 : Net-SNMP: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | high |
| 139144 | EulerOS 2.0 SP8 : net-snmp (EulerOS-SA-2020-1814) | Nessus | Huawei Local Security Checks | medium |
| 138813 | Photon OS 3.0: Net PHSA-2020-3.0-0114 | Nessus | PhotonOS Local Security Checks | medium |
| 138520 | Photon OS 2.0: Net PHSA-2020-2.0-0262 | Nessus | PhotonOS Local Security Checks | medium |
| 138517 | Photon OS 1.0: Net PHSA-2020-1.0-0308 | Nessus | PhotonOS Local Security Checks | medium |
| 138135 | Ubuntu 20.04 : Net-SNMP vulnerability (USN-4410-1) | Nessus | Ubuntu Local Security Checks | medium |