CVE-2008-4309

Publication date 31 October 2008

Last updated 6 June 2026

Ubuntu priority

Medium

Why this priority?

Cvss 3 Severity Score

7.5 · High

Score breakdown

Description

Integer overflow in the netsnmp_create_subtree_cache function in agent/snmp_agent.c in net-snmp 5.4 before 5.4.2.1, 5.3 before 5.3.2.3, and 5.2 before 5.2.5.1 allows remote attackers to cause a denial of service (crash) via a crafted SNMP GETBULK request, which triggers a heap-based buffer overflow, related to the number of responses or repeats.

Status

Package Ubuntu Release Status
net-snmp 8.10 intrepid
Fixed 5.4.1~dfsg-7.1ubuntu6.1
8.04 LTS hardy
Fixed 5.4.1~dfsg-4ubuntu4.2
7.10 gutsy
Fixed 5.3.1-6ubuntu2.2
6.06 LTS dapper
Fixed 5.2.1.2-4ubuntu2.3

Severity score breakdown

Parameter Value
Base score 7.5 · High
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Scope Unchanged
Confidentiality None
Integrity impact None
Availability impact High
Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References

Related Ubuntu Security Notices (USN)

    • USN-685-1
    • Net-SNMP vulnerabilities
    • 3 December 2008

Other references

Access our resources on patching vulnerabilities