View at Official suse advisory, NVD, CVE.org · CVE detail
Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.
CVE-2022-24809 severity moderate: SUSE including 294 source package names (2.0.19.3.5.316:snmp-mibs-5.9.3-150300.15.3.1, amazon/suse-sles-15-sp1-chost-byos-v20210304-hvm-ssd-x86_64, …), 678 product×package rows across 118 product lines (Container ses/7.1/ceph/keepalived, HPE Helion OpenStack 8, … (118 product lines)): Fixed 303, Known Affected 231, Known Not Affected 144.
net-snmp provides various tools relating to the Simple Network Management Protocol. Prior to version 5.9.2, a user with read-only credentials can use a malformed OID in a `GET-NEXT` to the `nsVacmAccessTable` to cause a NULL pointer dereference. Version 5.9.2 contains a patch. Users should use strong SNMPv3 credentials and avoid sharing the credentials. Those who must use SNMPv1 or SNMPv2c should use a complex community string and enhance the protection by restricting access to a given IP address range.