CVE-2019-20892

medium

Published 2020-04-07 · Modified 2020-04-07

💬 Discuss on Community ✚ Propose mitigation

CVSS v3

—

CVSS v4 NEW

—

not yet in upstream

VIR risk

5.5

Description

RHBA-2020:1376: net-snmp bug fix and enhancement update (Moderate)

Predictions

Exploit likelihood

20%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

Mitigation details

Source: Red Hat Errata — Red Hat Inc. · View original ↗ · Open-Errata-API

Description net-snmp: double free in usm_free_usmStateReference function in snmplib/snmpusm.c via an SNMPv3 GetBulk request CVSS v3: 6.5 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) Errata / fixed releases ProductPackageAdvisoryReleased Red Hat Enterprise Linux 8net-snmp-1:5.8-12.el8_1.1RHBA-2020:13762020-04-07T00:00:00Z Red Hat Enterprise Linux…

Description

net-snmp: double free in usm_free_usmStateReference function in snmplib/snmpusm.c via an SNMPv3 GetBulk request

CVSS v3: 6.5 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

Errata / fixed releases

Product	Package	Advisory	Released
Red Hat Enterprise Linux 8	`net-snmp-1:5.8-12.el8_1.1`	RHBA-2020:1376	2020-04-07T00:00:00Z
Red Hat Enterprise Linux 8	`net-snmp-1:5.8-12.el8_1.1`	RHBA-2020:1376	2020-04-07T00:00:00Z

Package state

Product	Package	State
Red Hat Enterprise Linux 5	`net-snmp`	Not affected
Red Hat Enterprise Linux 6	`net-snmp`	Not affected
Red Hat Enterprise Linux 7	`net-snmp`	Not affected
Red Hat Enterprise Linux 9	`net-snmp`	Not affected

Apply commands

bash fix

Apply RHBA-2020:1376 for Red Hat Enterprise Linux 8

yum update -y net-snmp
# or:
dnf upgrade -y net-snmp

Affected

Vendor	Product	Version
redhat	Red Hat Enterprise Linux 5	`Not affected`
redhat	Red Hat Enterprise Linux 6	`Not affected`
redhat	Red Hat Enterprise Linux 7	`Not affected`
redhat	Red Hat Enterprise Linux 9	`Not affected`

OS impact

SUSE Affected 1 release

Version	Status	Fixed in
—	Affected	—

Debian Fixed 5 releases

Version	Status	Fixed in
trixie	Fixed	`5.8+dfsg-3`
sid	Fixed	`5.8+dfsg-3`
forky	Fixed	`5.8+dfsg-3`
bullseye	Fixed	`5.8+dfsg-3`
bookworm	Fixed	`5.8+dfsg-3`

Red Hat Fixed 1 release

Version	Status	Fixed in
8	Fixed	—

References

Community-verified mitigations for this CVE will appear above when contributors publish them.

Verify integrity in audit chain (admin only). AS-IS.