CVE-2019-20892

medium
Published 2020-04-07 · Modified 2020-04-07
CVSS v3
-
CVSS v4 NEW
-
not yet in upstream
VIR risk
5.5

Description

RHBA-2020:1376: net-snmp bug fix and enhancement update (Moderate)

Predictions

Exploit likelihood
20%
Patch ETA
-

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

Mitigation details

Source: Red Hat Errata - Red Hat Inc. · Open-Errata-API

Description

net-snmp: double free in usm_free_usmStateReference function in snmplib/snmpusm.c via an SNMPv3 GetBulk request

CVSS v3: 6.5 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

Errata / fixed releases

Product | Package | Advisory | Released
Red Hat Enterprise Linux 8 | net-snmp-1:5.8-12.el8_1.1 | RHBA-2020:1376 | 2020-04-07T00:00:00Z

Package state

Product | Package | State
Red Hat Enterprise Linux 5 | net-snmp | Not affected
Red Hat Enterprise Linux 6 | net-snmp | Not affected
Red Hat Enterprise Linux 7 | net-snmp | Not affected
Red Hat Enterprise Linux 9 | net-snmp | Not affected

Apply commands

Apply RHBA-2020:1376 for Red Hat Enterprise Linux 8 (bash):

    yum update -y net-snmp
    # or:
    dnf upgrade -y net-snmp

Affected

Vendor | Product | Version
redhat | Red Hat Enterprise Linux 5 | Not affected
redhat | Red Hat Enterprise Linux 6 | Not affected
redhat | Red Hat Enterprise Linux 7 | Not affected
redhat | Red Hat Enterprise Linux 9 | Not affected

OS impact

OS | Version | Status | Fixed in
suse sles | - | affected | -
debian debian | bookworm | fixed | 5.8+dfsg-3
debian debian | bullseye | fixed | 5.8+dfsg-3
debian debian | forky | fixed | 5.8+dfsg-3
debian debian | sid | fixed | 5.8+dfsg-3
debian debian | trixie | fixed | 5.8+dfsg-3
redhat rhel | 8 | fixed | -
