CVE-2012-2141

Description

Array index error in the handle_nsExtendOutput2Table function in agent/mibgroup/agent/extend.c in Net-SNMP 5.7.1 allows remote authenticated users to cause a denial of service (out-of-bounds read and snmpd crash) via an SNMP GET request for an entry not in the extension table.

How to fix CVE-2012-2141

To remediate CVE-2012-2141, upgrade the affected package to a fixed version below.

• Debian/net-snmp—upgrade to 5.4.3~dfsg-2.5 or later

Is CVE-2012-2141 being exploited?

Low — EPSS is 1.3%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

• from 0, < 5.4.3~dfsg-2.5

References (1)

• ADVISORYsecurity-tracker.debian.org/tracker/CVE-2012-2141