How severe is CVE-2022-24807?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.5 out of 10.

What type of vulnerability is CVE-2022-24807?

This is classified as CWE-120, which is a common weakness in software security.

CVE-2022-24807 - MEDIUM Severity | CVSS 6.5

Vulnerability Description

net-snmp provides various tools relating to the Simple Network Management Protocol. Prior to version 5.9.2, a malformed OID in a SET request to `SNMP-VIEW-BASED-ACM-MIB::vacmAccessTable` can cause an out-of-bounds memory access. A user with read-write credentials can exploit the issue. Version 5.9.2 contains a patch. Users should use strong SNMPv3 credentials and avoid sharing the credentials. Those who must use SNMPv1 or SNMPv2c should use a complex community string and enhance the protection by restricting access to a given IP address range.

Related Vulnerabilities

CVE-2014-1617

MEDIUM

CVSS:6.5(Medium)

Microsys PROMOTIC 8.2.13 contains an ActiveX Control Start Buffer Overflow vulnerability which can lead to denial of service.

CWE-1202014

CVE-2015-5745

MEDIUM

CVSS:6.5(Medium)

Buffer overflow in the send_control_msg function in hw/char/virtio-serial-bus.c in QEMU before 2.4.0 allows guest users to cause a denial of service (QEMU process crash) via a crafted virtio control m...

CWE-1202015

CVE-2017-2633

MEDIUM

CVSS:6.5(Medium)

An out-of-bounds memory access issue was found in Quick Emulator (QEMU) before 1.7.2 in the VNC display driver. This flaw could occur while refreshing the VNC display surface area in the 'vnc_refresh_...

CWE-1202017

CVE-2018-14652

MEDIUM

CVSS:6.5(Medium)

The Gluster file system through versions 3.12 and 4.1.4 is vulnerable to a buffer overflow in the 'features/index' translator via the code handling the 'GF_XATTR_CLRLK_CMD' xattr in the 'pl_getxattr' ...

CWE-1202018

CVE-2019-16336

MEDIUM

CVSS:6.5(Medium)

The Bluetooth Low Energy implementation in Cypress PSoC 4 BLE component 3.61 and earlier processes data channel frames with a payload length larger than the configured link layer maximum RX payload si...

CWE-1202019

CVE-2019-17060

MEDIUM

CVSS:6.5(Medium)

The Bluetooth Low Energy (BLE) stack implementation on the NXP KW41Z (based on the MCUXpresso SDK with Bluetooth Low Energy Driver 2.2.1 and earlier) does not properly restrict the BLE Link Layer head...

CWE-1202019