CVE-2019-9162 (NVD)

- Vulnerability Info (edit)

In the Linux kernel before 4.20.12, net/ipv4/netfilter/nf_nat_snmp_basic_main.c in the SNMP NAT module has insufficient ASN.1 length checks (aka an array index error), making out-of-bounds read and write operations possible, leading to an OOPS or local privilege escalation. This affects snmp_version and snmp_helper.

Products element_software_management, linux_kernel
Type Improper Validation of Array Index (CWE-129)
First patch
"netfilter: nf_nat_snmp_basic: add missing length checks in ASN.1 cbs The generic ASN.1 decoder infrastructure doesn't guarantee that callbacks will get as much data as they expect; callbacks have to check the `datalen` parameter before looking at `data`. Make sure that snmp_version() and snmp_helper() don't read/write beyond the end of the packet data. (Also move the..."
assignment to `pdata` down below the check to make it clear that it isn't necessarily a pointer we can use before the `datalen` check.) Fixes: cc2d58634e0f ("netfilter: nf_nat_snmp_basic: use asn1 decoder library") Signed-off-by: Jann Horn <> Signed-off-by: Pablo Neira Ayuso <>

Stats: +6 lines / -1 lines (total: 7 lines)
Relevant file/s ./net/ipv4/netfilter/nf_nat_snmp_basic_main.c (modified, +6, -1)


This entry has not been annotated yet.

Please consider adding data:

linux - Tree: c4c07b4d6f

(? files)

Filter Settings
Patch data:

(on by default)

Patched area: