CVE-2008-4309 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2008-4309 Interim 1 20 2025-11-05T06:12:27Z current 2021-05-30T12:44:02Z 2025-11-05T06:12:27Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2008-4309 Integer overflow in the netsnmp_create_subtree_cache function in agent/snmp_agent.c in net-snmp 5.4 before 5.4.2.1, 5.3 before 5.3.2.3, and 5.2 before 5.2.5.1 allows remote attackers to cause a denial of service (crash) via a crafted SNMP GETBULK request, which triggers a heap-based buffer overflow, related to the number of responses or repeats. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/CZOJQV4WV6HDJN7CUTVCEMUCXTLUW54V/#CZOJQV4WV6HDJN7CUTVCEMUCXTLUW54V E-Mail link for SUSE-SR:2009:003 https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE Linux Enterprise Software Development Kit 11 SP4 SUSE Linux Enterprise Server 11 SP1 SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 SUSE Linux Enterprise Server 11-SECURITY SUSE Linux Enterprise Server 16.0 SUSE Linux Enterprise Software Development Kit 11 SP4 SUSE Linux Micro 6.0 SUSE Linux Micro 6.1 openSUSE Tumbleweed libsnmp15-32bit-5.4.2.1-8.12.16.1 libsnmp15-32bit-5.4.2.1-8.12.22.1 libsnmp15-32bit-5.4.2.1-8.12.6.1 libsnmp15-32bit-5.4.2.1-8.2.1 libsnmp15-5.4.2.1-8.12.16.1 libsnmp15-5.4.2.1-8.12.22.1 libsnmp15-5.4.2.1-8.12.6.1 libsnmp15-5.4.2.1-8.2.1 libsnmp15-openssl1-32bit-5.4.2.1-8.12.31.1 libsnmp15-openssl1-5.4.2.1-8.12.31.1 libsnmp15-x86-5.4.2.1-8.12.16.1 libsnmp15-x86-5.4.2.1-8.12.22.1 libsnmp15-x86-5.4.2.1-8.12.6.1 libsnmp15-x86-5.4.2.1-8.2.1 libsnmp30-32bit-5.9-3.2 libsnmp30-5.9-3.2 libsnmp40-5.9.3-2.21 libsnmp40-5.9.3-slfo.1.1_1.2 libsnmp40-5.9.4-160000.2.2 net-snmp-5.4.2.1-8.12.16.1 net-snmp-5.4.2.1-8.12.22.1 net-snmp-5.4.2.1-8.12.6.1 net-snmp-5.4.2.1-8.2.1 net-snmp-5.9-3.2 net-snmp-5.9.4-160000.2.2 net-snmp-devel-32bit-5.4.2.1-8.12.22.1 net-snmp-devel-32bit-5.9-3.2 net-snmp-devel-5.4.2.1-8.12.22.1 net-snmp-devel-5.9-3.2 net-snmp-devel-5.9.4-160000.2.2 perl-SNMP-5.4.2.1-8.12.16.1 perl-SNMP-5.4.2.1-8.12.22.1 perl-SNMP-5.4.2.1-8.12.6.1 perl-SNMP-5.4.2.1-8.2.1 perl-SNMP-5.9-3.2 perl-SNMP-5.9.4-160000.2.2 python313-net-snmp-5.9.4-160000.2.2 python36-net-snmp-5.9-3.2 python38-net-snmp-5.9-3.2 python39-net-snmp-5.9-3.2 snmp-mibs-5.4.2.1-8.12.16.1 snmp-mibs-5.4.2.1-8.12.22.1 snmp-mibs-5.4.2.1-8.12.6.1 snmp-mibs-5.4.2.1-8.2.1 snmp-mibs-5.9-3.2 snmp-mibs-5.9.3-2.21 snmp-mibs-5.9.3-slfo.1.1_1.2 snmp-mibs-5.9.4-160000.2.2 libsnmp15-5.4.2.1-8.2.1 as a component of SUSE Linux Enterprise Server 11 SP1 libsnmp15-32bit-5.4.2.1-8.2.1 as a component of SUSE Linux Enterprise Server 11 SP1 libsnmp15-x86-5.4.2.1-8.2.1 as a component of SUSE Linux Enterprise Server 11 SP1 net-snmp-5.4.2.1-8.2.1 as a component of SUSE Linux Enterprise Server 11 SP1 perl-SNMP-5.4.2.1-8.2.1 as a component of SUSE Linux Enterprise Server 11 SP1 snmp-mibs-5.4.2.1-8.2.1 as a component of SUSE Linux Enterprise Server 11 SP1 libsnmp15-5.4.2.1-8.12.6.1 as a component of SUSE Linux Enterprise Server 11 SP2 libsnmp15-32bit-5.4.2.1-8.12.6.1 as a component of SUSE Linux Enterprise Server 11 SP2 libsnmp15-x86-5.4.2.1-8.12.6.1 as a component of SUSE Linux Enterprise Server 11 SP2 net-snmp-5.4.2.1-8.12.6.1 as a component of SUSE Linux Enterprise Server 11 SP2 perl-SNMP-5.4.2.1-8.12.6.1 as a component of SUSE Linux Enterprise Server 11 SP2 snmp-mibs-5.4.2.1-8.12.6.1 as a component of SUSE Linux Enterprise Server 11 SP2 libsnmp15-5.4.2.1-8.12.16.1 as a component of SUSE Linux Enterprise Server 11 SP3 libsnmp15-32bit-5.4.2.1-8.12.16.1 as a component of SUSE Linux Enterprise Server 11 SP3 libsnmp15-x86-5.4.2.1-8.12.16.1 as a component of SUSE Linux Enterprise Server 11 SP3 net-snmp-5.4.2.1-8.12.16.1 as a component of SUSE Linux Enterprise Server 11 SP3 perl-SNMP-5.4.2.1-8.12.16.1 as a component of SUSE Linux Enterprise Server 11 SP3 snmp-mibs-5.4.2.1-8.12.16.1 as a component of SUSE Linux Enterprise Server 11 SP3 libsnmp15-5.4.2.1-8.12.22.1 as a component of SUSE Linux Enterprise Server 11 SP4 libsnmp15-32bit-5.4.2.1-8.12.22.1 as a component of SUSE Linux Enterprise Server 11 SP4 libsnmp15-x86-5.4.2.1-8.12.22.1 as a component of SUSE Linux Enterprise Server 11 SP4 net-snmp-5.4.2.1-8.12.22.1 as a component of SUSE Linux Enterprise Server 11 SP4 perl-SNMP-5.4.2.1-8.12.22.1 as a component of SUSE Linux Enterprise Server 11 SP4 snmp-mibs-5.4.2.1-8.12.22.1 as a component of SUSE Linux Enterprise Server 11 SP4 libsnmp15-openssl1-5.4.2.1-8.12.31.1 as a component of SUSE Linux Enterprise Server 11-SECURITY libsnmp15-openssl1-32bit-5.4.2.1-8.12.31.1 as a component of SUSE Linux Enterprise Server 11-SECURITY libsnmp40-5.9.4-160000.2.2 as a component of SUSE Linux Enterprise Server 16.0 net-snmp-5.9.4-160000.2.2 as a component of SUSE Linux Enterprise Server 16.0 net-snmp-devel-5.9.4-160000.2.2 as a component of SUSE Linux Enterprise Server 16.0 perl-SNMP-5.9.4-160000.2.2 as a component of SUSE Linux Enterprise Server 16.0 python313-net-snmp-5.9.4-160000.2.2 as a component of SUSE Linux Enterprise Server 16.0 snmp-mibs-5.9.4-160000.2.2 as a component of SUSE Linux Enterprise Server 16.0 libsnmp15-32bit-5.4.2.1-8.12.22.1 as a component of SUSE Linux Enterprise Software Development Kit 11 SP4 net-snmp-devel-5.4.2.1-8.12.22.1 as a component of SUSE Linux Enterprise Software Development Kit 11 SP4 net-snmp-devel-32bit-5.4.2.1-8.12.22.1 as a component of SUSE Linux Enterprise Software Development Kit 11 SP4 libsnmp40-5.9.3-2.21 as a component of SUSE Linux Micro 6.0 snmp-mibs-5.9.3-2.21 as a component of SUSE Linux Micro 6.0 libsnmp40-5.9.3-slfo.1.1_1.2 as a component of SUSE Linux Micro 6.1 snmp-mibs-5.9.3-slfo.1.1_1.2 as a component of SUSE Linux Micro 6.1 libsnmp30-5.9-3.2 as a component of openSUSE Tumbleweed libsnmp30-32bit-5.9-3.2 as a component of openSUSE Tumbleweed net-snmp-5.9-3.2 as a component of openSUSE Tumbleweed net-snmp-devel-5.9-3.2 as a component of openSUSE Tumbleweed net-snmp-devel-32bit-5.9-3.2 as a component of openSUSE Tumbleweed perl-SNMP-5.9-3.2 as a component of openSUSE Tumbleweed python36-net-snmp-5.9-3.2 as a component of openSUSE Tumbleweed python38-net-snmp-5.9-3.2 as a component of openSUSE Tumbleweed python39-net-snmp-5.9-3.2 as a component of openSUSE Tumbleweed snmp-mibs-5.9-3.2 as a component of openSUSE Tumbleweed Integer overflow in the netsnmp_create_subtree_cache function in agent/snmp_agent.c in net-snmp 5.4 before 5.4.2.1, 5.3 before 5.3.2.3, and 5.2 before 5.2.5.1 allows remote attackers to cause a denial of service (crash) via a crafted SNMP GETBULK request, which triggers a heap-based buffer overflow, related to the number of responses or repeats. CVE-2008-4309 SUSE Linux Enterprise Server 11 SP1:libsnmp15-5.4.2.1-8.2.1 SUSE Linux Enterprise Server 11 SP1:libsnmp15-32bit-5.4.2.1-8.2.1 SUSE Linux Enterprise Server 11 SP1:libsnmp15-x86-5.4.2.1-8.2.1 SUSE Linux Enterprise Server 11 SP1:net-snmp-5.4.2.1-8.2.1 SUSE Linux Enterprise Server 11 SP1:perl-SNMP-5.4.2.1-8.2.1 SUSE Linux Enterprise Server 11 SP1:snmp-mibs-5.4.2.1-8.2.1 SUSE Linux Enterprise Server 11 SP2:libsnmp15-5.4.2.1-8.12.6.1 SUSE Linux Enterprise Server 11 SP2:libsnmp15-32bit-5.4.2.1-8.12.6.1 SUSE Linux Enterprise Server 11 SP2:libsnmp15-x86-5.4.2.1-8.12.6.1 SUSE Linux Enterprise Server 11 SP2:net-snmp-5.4.2.1-8.12.6.1 SUSE Linux Enterprise Server 11 SP2:perl-SNMP-5.4.2.1-8.12.6.1 SUSE Linux Enterprise Server 11 SP2:snmp-mibs-5.4.2.1-8.12.6.1 SUSE Linux Enterprise Server 11 SP3:libsnmp15-5.4.2.1-8.12.16.1 SUSE Linux Enterprise Server 11 SP3:libsnmp15-32bit-5.4.2.1-8.12.16.1 SUSE Linux Enterprise Server 11 SP3:libsnmp15-x86-5.4.2.1-8.12.16.1 SUSE Linux Enterprise Server 11 SP3:net-snmp-5.4.2.1-8.12.16.1 SUSE Linux Enterprise Server 11 SP3:perl-SNMP-5.4.2.1-8.12.16.1 SUSE Linux Enterprise Server 11 SP3:snmp-mibs-5.4.2.1-8.12.16.1 SUSE Linux Enterprise Server 11 SP4:libsnmp15-5.4.2.1-8.12.22.1 SUSE Linux Enterprise Server 11 SP4:libsnmp15-32bit-5.4.2.1-8.12.22.1 SUSE Linux Enterprise Server 11 SP4:libsnmp15-x86-5.4.2.1-8.12.22.1 SUSE Linux Enterprise Server 11 SP4:net-snmp-5.4.2.1-8.12.22.1 SUSE Linux Enterprise Server 11 SP4:perl-SNMP-5.4.2.1-8.12.22.1 SUSE Linux Enterprise Server 11 SP4:snmp-mibs-5.4.2.1-8.12.22.1 SUSE Linux Enterprise Server 11-SECURITY:libsnmp15-openssl1-5.4.2.1-8.12.31.1 SUSE Linux Enterprise Server 11-SECURITY:libsnmp15-openssl1-32bit-5.4.2.1-8.12.31.1 SUSE Linux Enterprise Server 16.0:libsnmp40-5.9.4-160000.2.2 SUSE Linux Enterprise Server 16.0:net-snmp-5.9.4-160000.2.2 SUSE Linux Enterprise Server 16.0:net-snmp-devel-5.9.4-160000.2.2 SUSE Linux Enterprise Server 16.0:perl-SNMP-5.9.4-160000.2.2 SUSE Linux Enterprise Server 16.0:python313-net-snmp-5.9.4-160000.2.2 SUSE Linux Enterprise Server 16.0:snmp-mibs-5.9.4-160000.2.2 SUSE Linux Enterprise Software Development Kit 11 SP4:libsnmp15-32bit-5.4.2.1-8.12.22.1 SUSE Linux Enterprise Software Development Kit 11 SP4:net-snmp-devel-5.4.2.1-8.12.22.1 SUSE Linux Enterprise Software Development Kit 11 SP4:net-snmp-devel-32bit-5.4.2.1-8.12.22.1 SUSE Linux Micro 6.0:libsnmp40-5.9.3-2.21 SUSE Linux Micro 6.0:snmp-mibs-5.9.3-2.21 SUSE Linux Micro 6.1:libsnmp40-5.9.3-slfo.1.1_1.2 SUSE Linux Micro 6.1:snmp-mibs-5.9.3-slfo.1.1_1.2 openSUSE Tumbleweed:libsnmp30-5.9-3.2 openSUSE Tumbleweed:libsnmp30-32bit-5.9-3.2 openSUSE Tumbleweed:net-snmp-5.9-3.2 openSUSE Tumbleweed:net-snmp-devel-5.9-3.2 openSUSE Tumbleweed:net-snmp-devel-32bit-5.9-3.2 openSUSE Tumbleweed:perl-SNMP-5.9-3.2 openSUSE Tumbleweed:python36-net-snmp-5.9-3.2 openSUSE Tumbleweed:python38-net-snmp-5.9-3.2 openSUSE Tumbleweed:python39-net-snmp-5.9-3.2 openSUSE Tumbleweed:snmp-mibs-5.9-3.2 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P