Net-SNMP snmp_oid_compare() Function NULL Pointer Exception Denial of Service Vulnerability

By GIXnews

A vulnerability in the snmp_oid_compare() function of Net-SNMP could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on a targeted system.

The vulnerability exists in the snmp_oid_compare() function, as defined in the snmplib/snmp_api.c source code file of the affected software, and is due to a NULL pointer exception bug. An attacker could exploit this vulnerability by sending a malicious UDP packet to a targeted system. A successful exploit could trigger a NULL pointer dereference condition, causing the affected application to crash and resulting in a DoS condition.
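The bug class described above, shown as an added sketch that is not Net-SNMP's code and not taken from the advisory: an OID comparison that rejects a NULL OID pointer paired with a non-zero length instead of dereferencing it. The names `oid_subid` and `oid_compare_checked` and the error convention are assumptions made for this example.

```c
#include <stddef.h>
#include <stdio.h>

/* Assumption: sub-identifier type chosen for this sketch. */
typedef unsigned long oid_subid;

/*
 * Hypothetical helper, not Net-SNMP's snmp_oid_compare().
 * Returns 0 and stores -1/0/1 in *result when both OIDs are usable,
 * or -1 when an argument would force a NULL dereference.
 */
int oid_compare_checked(const oid_subid *a, size_t a_len,
                        const oid_subid *b, size_t b_len, int *result)
{
    size_t i, n;

    if (result == NULL)
        return -1;
    /* A NULL pointer is acceptable only for an empty (zero-length) OID. */
    if ((a == NULL && a_len != 0) || (b == NULL && b_len != 0))
        return -1;

    /* Compare sub-identifiers over the common prefix. */
    n = a_len < b_len ? a_len : b_len;
    for (i = 0; i < n; i++) {
        if (a[i] != b[i]) {
            *result = a[i] < b[i] ? -1 : 1;
            return 0;
        }
    }
    /* Equal prefix: the shorter OID sorts first. */
    *result = (a_len < b_len) ? -1 : (a_len > b_len) ? 1 : 0;
    return 0;
}

int main(void)
{
    /* Constructed sample OIDs. */
    oid_subid sys_group[] = {1, 3, 6, 1, 2, 1, 1};
    int r = 0;

    /* A decoder that failed to allocate might hand over NULL with a stale length. */
    if (oid_compare_checked(NULL, 7, sys_group, 7, &r) != 0)
        puts("rejected: NULL OID with non-zero length");
    return 0;
}
```

The caller treats a `-1` return as a malformed request and drops it, so a bad input costs one packet rather than the whole agent process.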

The vendor has confirmed the vulnerability and released software updates.

Security Impact Rating: Medium

CVE: CVE-2018-18066

Source: Cisco Multivendor Vulnerability Alerts