Description
agent/snmp_agent.c in snmpd in net-snmp 5.0.9 in Red Hat Enterprise Linux (RHEL) 3 allows remote attackers to cause a denial of service (daemon crash) via a crafted SNMP GETBULK request that triggers a divide-by-zero error. NOTE: this vulnerability exists because of an incorrect fix for CVE-2008-4309.
References (5)
Core 5
Core References
Tool Signature vdb-entry
signature
x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9716
Broken Link vendor-advisory
x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2009:156
Issue Tracking, Patch x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=506903
Patch, Vendor Advisory vendor-advisory
x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2009-1124.html
Tool Signature vdb-entry
signature
x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8426
Scores
EPSS
0.0221
EPSS Percentile
80.3%
Details
CWE
CWE-369
Status
published
Products (1)
net-snmp/net-snmp
5.0.9
Published
Jun 26, 2009
Tracked Since
Feb 18, 2026