CVE-2008-2292
net-snmp - buffer overflow
EPSS 26.6%
Description
Buffer overflow in the __snprint_value function in snmp_get in Net-SNMP 5.1.4, 5.2.4, and 5.4.1, as used in SNMP.xs for Perl, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large OCTETSTRING in an attribute value pair (AVP).
How to fix CVE-2008-2292
To remediate CVE-2008-2292, upgrade the affected package to one of the fixed versions listed below.
- Debian/net-snmp: upgrade to 5.4.1~dfsg-8 or later
- Debian/net-snmp: upgrade to 5.4.1~dfsg-7+lenny1 or later
Is CVE-2008-2292 being exploited?
Moderate: EPSS is 26.6%. Track this CVE, but it is not at the top of the prioritisation list.
Affected packages (2)
- Debian/net-snmp: from 0, < 5.4.1~dfsg-8
- Debian/net-snmp: from 0, < 5.4.1~dfsg-7+lenny1