—–BEGIN PGP SIGNED MESSAGE—–

Hash: SHA256

Buffer Overflow vulnerability in Net-SNMP 

Indian – Computer Emergency Response Team (https://www.cert-in.org.in)

Severity Rating: HIGH

Software Affected

Net-SNMP versions prior to 5.9.5

Net-SNMP 5.10.pre2 and earlier pre-release builds

Overview

A vulnerability has been reported in Net-SNMP, which could allow a remote attacker to execute arbitrary code or cause denial-of-service (DoS) on affected systems.

Target Audience:

All end-user organizations and individuals using Net-SNMP.

Risk Assessment:

High risk of service disruption, system crashes, or remote compromise.

Impact Assessment:

Potential for denial-of-service (DoS) or remote code execution.

Description

Net-SNMP is an open-source suite of tools and libraries used to monitor and manage network devices using the Simple Network Management Protocol (SNMP).

This vulnerability exists in Net-SNMP due to improper bounds checking during memory operations, which can result in a buffer overflow when specially crafted network packets are processed by a vulnerable Net-SNMP instance.

Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code or cause denial-of-service (DoS) on affected systems.

Solution

Apply appropriate updates as mentioned in:

https://www.net-snmp.org/download.html

Vendor Information

Net-SNMP

https://www.net-snmp.org/

CVE Name

CVE-2025-68615

– —

Thanks and Regards,

CERT-In

Incident Response Help Desk

e-mail: incident@cert-in.org.in

Phone: +91-11-22902657

Toll Free Number: 1800-11-4949

Toll Free Fax : 1800-11-6969

Web: http://www.cert-in.org.in

PGP Fingerprint: A768 083E 4475 5725 B81A A379 2156 C0C0 B620 D0B4

PGP Key information:

https://www.cert-in.org.in/s2cMainServlet?pageid=CONTACTUS

Postal address:

Indian Computer Emergency Response Team (CERT-In)

Ministry of Electronics and Information Technology

Government of India

Electronics Niketan

6, C.G.O. Complex

New Delhi-110 003

—–BEGIN PGP SIGNATURE—–

iQIzBAEBCAAdFiEE6r4Iam/Ey0c/KakL3jCgcSdcys8FAmlSlMkACgkQ3jCgcSdc

ys+4UQ//Wy8NNK7QHtn7rDeZQe5o+TfOmAQ7+dnYec7qgMk0aBRZbhTuxAqucY7f

OIkweNbciivZW0i2FlPiNUQccNt3Ri+ne5AD/SILWawI9tby6kJMahzc59hdhESI

it0CKFGpYWH1Gc4WQ7VXNDX6/VGuevaHdY3Gz4/sL7LoqFlspiL9HklJvK8UKGxs

7SZFGkg9tsoreyotqBfwvBFSaD8OEIo7xiaC23rz2TG46jgpj/y9xRJqTsKlj6JA

dozE8Kb0h3AXhwFpX/AGSIAkBe6VPJk0Tm3IRZHLfgfj/UypBKrt3UhwjK2/gE2X

yEnj82dJLwTsAjEFGSVs/aLcQZK7Xg5qm9h7dCjXWHgYwAiM2PSKAYMS98Zb5LL/

8pvWyxJLlbjoF5Bcc7qK0m423gByjnqP6Ii1XUAUQP0KnkzoTy+MMDSGvlV9UFHP

Ih1mtQ2cXVgZcoS89IgKJbHcjhemUCo+HuN2VFBjXEBzBDED448yeCUA8d74Gm71

Pieea5zxQZenJE2c2XoDtMrI6KNmK9kWL5v0ugnmKoK1KWGIMil4bWNtnxP6pnMP

HCnGlgEOKLs+2GOk9nS8G1nbVlNnQ0ew1QxWhb13Fk000HsRUw3EuEGS5myjAG2R

zQiEGcbeIdhkdBNPuD7DIixUNLqCU4bhqaEDNXgmTDdjXtvQP9M=

=bV2G

—–END PGP SIGNATURE—–