net-snmp before 5.8.1.pre1 has a double free in usm_free_usmStateReference in snmplib/snmpusm.c via an SNMPv3 GetBulk request. NOTE: this affects net-snmp packages shipped to end users by multiple Linux distributions, but might not affect an upstream release.
http://www.openwall.com/lists/oss-security/2020/06/25/4
https://bugs.launchpad.net/ubuntu/+source/net-snmp/+bug/1877027
https://bugzilla.redhat.com/show_bug.cgi?id=1663027
https://github.com/net-snmp/net-snmp/commit/5f881d3bf24599b90d67a45cae7a3eb099cd71c9
https://security.gentoo.org/glsa/202008-12
https://sourceforge.net/p/net-snmp/bugs/2923/
Source: MITRE
Published: 2020-06-25
Updated: 2021-01-20
Type: CWE-415
CVSS v2
Base Score: 4
Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P
Impact Score: 2.9
Exploitability Score: 8
Severity: MEDIUM
CVSS v3.1
Base Score: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Impact Score: 3.6
Exploitability Score: 2.8
Severity: MEDIUM
cpe:2.3:a:net-snmp:net-snmp:*:*:*:*:*:*:*:* versions up to 5.8 (inclusive)
ID | Name | Product | Family | Severity |
---|---|---|---|---|
143110 | F5 Networks BIG-IP : SNMP vulnerability (K45212738) | Nessus | F5 Networks Local Security Checks | medium |
142584 | EulerOS Virtualization 3.0.6.6 : net-snmp (EulerOS-SA-2020-2470) | Nessus | Huawei Local Security Checks | medium |
142257 | EulerOS 2.0 SP2 : net-snmp (EulerOS-SA-2020-2370) | Nessus | Huawei Local Security Checks | high |
142109 | EulerOS 2.0 SP5 : net-snmp (EulerOS-SA-2020-2259) | Nessus | Huawei Local Security Checks | medium |
140823 | EulerOS 2.0 SP3 : net-snmp (EulerOS-SA-2020-2056) | Nessus | Huawei Local Security Checks | high |
140324 | EulerOS Virtualization for ARM 64 3.0.2.0 : net-snmp (EulerOS-SA-2020-1954) | Nessus | Huawei Local Security Checks | medium |
140009 | EulerOS Virtualization for ARM 64 3.0.6.0 : net-snmp (EulerOS-SA-2020-1906) | Nessus | Huawei Local Security Checks | medium |
139888 | GLSA-202008-12 : Net-SNMP: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | high |
139144 | EulerOS 2.0 SP8 : net-snmp (EulerOS-SA-2020-1814) | Nessus | Huawei Local Security Checks | medium |
138813 | Photon OS 3.0: Net PHSA-2020-3.0-0114 | Nessus | PhotonOS Local Security Checks | medium |
138520 | Photon OS 2.0: Net PHSA-2020-2.0-0262 | Nessus | PhotonOS Local Security Checks | medium |
138517 | Photon OS 1.0: Net PHSA-2020-1.0-0308 | Nessus | PhotonOS Local Security Checks | medium |
138135 | Ubuntu 20.04 : Net-SNMP vulnerability (USN-4410-1) | Nessus | Ubuntu Local Security Checks | medium |