CVE Catalog

CVE-2026-8836

Critical
Published: Translated: NVD NIST

Summary

A vulnerability was found in lwIP up to 2.2.1 in the function snmp_parse_inbound_frame of the file src/apps/snmp/snmp_msg.c of the component snmpv3 USM Handler. Manipulating the argument msgAuthenticationParameters results in stack-based buffer overflow.

Risk Assessment

An attacker may remotely exploit this vulnerability, potentially leading to severe consequences such as remote code execution or system destabilization.

Recommendation

It is suggested to install the patch named 0c957ec03054eb6c8205e9c9d1d05d90ada3898c to address this issue.

Original NVD description (English source)

A vulnerability was found in lwIP up to 2.2.1. Affected is the function snmp_parse_inbound_frame of the file src/apps/snmp/snmp_msg.c of the component snmpv3 USM Handler. Performing a manipulation of the argument msgAuthenticationParameters results in stack-based buffer overflow. The attack may be initiated remotely. The patch is named 0c957ec03054eb6c8205e9c9d1d05d90ada3898c. It is suggested to install a patch to address this issue.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS