Vulnerability Description
_set_key in agent/helpers/table_container.c in Net-SNMP before 5.8 has a NULL Pointer Exception bug that can be used by an authenticated attacker to remotely cause the instance to crash via a crafted UDP packet, resulting in Denial of Service.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Net-Snmp | Net-Snmp | < 5.8 |
| Debian | Debian Linux | 9.0 |
| Canonical | Ubuntu Linux | 12.04 |
| Netapp | Cloud Backup | - |
| Netapp | Hyper Converged Infrastructure | - |
| Netapp | Storagegrid Webscale | - |
| Netapp | Data Ontap | - |
| Netapp | E-Series Santricity Os Controller | >= 11.0, <= 11.5 |
| Netapp | Solidfire Element Os | - |
| Paloaltonetworks | Pan-Os | <= 7.1.22 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/106265Third Party AdvisoryVDB Entry
- https://cert-portal.siemens.com/productcert/pdf/ssa-978220.pdf
- https://dumpco.re/blog/net-snmp-5.7.3-remote-dosExploitPatchThird Party Advisory
- https://security.netapp.com/advisory/ntap-20181107-0001/Third Party Advisory
- https://security.paloaltonetworks.com/CVE-2018-18065
- https://sourceforge.net/p/net-snmp/code/ci/7ffb8e25a0db851953155de91f0170e9bf8c4PatchThird Party Advisory
- https://usn.ubuntu.com/3792-1/Third Party Advisory
- https://usn.ubuntu.com/3792-2/Third Party Advisory
- https://usn.ubuntu.com/3792-3/Third Party Advisory
- https://www.debian.org/security/2018/dsa-4314Third Party Advisory
- https://www.exploit-db.com/exploits/45547/ExploitPatchThird Party Advisory
- https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
- http://www.securityfocus.com/bid/106265Third Party AdvisoryVDB Entry
- https://cert-portal.siemens.com/productcert/pdf/ssa-978220.pdf
- https://dumpco.re/blog/net-snmp-5.7.3-remote-dosExploitPatchThird Party Advisory
FAQ
What is CVE-2018-18065?
CVE-2018-18065 is a vulnerability with a CVSS score of 6.5 (MEDIUM). _set_key in agent/helpers/table_container.c in Net-SNMP before 5.8 has a NULL Pointer Exception bug that can be used by an authenticated attacker to remotely cause the instance to crash via a crafted ...
How severe is CVE-2018-18065?
CVE-2018-18065 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-18065?
Check the references section above for vendor advisories and patch information. Affected products include: Net-Snmp Net-Snmp, Debian Debian Linux, Canonical Ubuntu Linux, Netapp Cloud Backup, Netapp Hyper Converged Infrastructure.