Description
A vulnerability was found in lwIP up to 2.2.1. Affected is the function snmp_parse_inbound_frame of the file src/apps/snmp/snmp_msg.c of the component snmpv3 USM Handler. Performing a manipulation of the argument msgAuthenticationParameters results in stack-based buffer overflow. The attack may be initiated remotely. The patch is named 0c957ec03054eb6c8205e9c9d1d05d90ada3898c. It is suggested to install a patch to address this issue.
Published: 2026-05-18
Score: 9.3 Critical
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A stack-based buffer overflow exists in the lwIP snmpv3 USM Handler function snmp_parse_inbound_frame when a specially crafted msgAuthenticationParameters value is supplied. The overflow occurs on the stack and is triggered by a remote attacker sending a manipulated SNMPv3 frame, potentially allowing arbitrary code execution. The CVSS score of 9.3 reflects this high-severity impact on confidentiality, integrity and availability.

Affected Systems

The flaw affects all lwIP versions up to and including 2.2.1. The vulnerable code resides in src/apps/snmp/snmp_msg.c within the snmpv3 USM Handler component. Systems running lwIP 2.2.1 or older, whether as a library or as part of firmware, are at risk if the SNMPv3 USM interface is enabled.

Risk and Exploitability

The CVSS score indicates a critical risk level. The EPSS score is unavailable, so the exploitation probability is currently unknown but potentially high. The vulnerability is not listed in CISA’s KEV catalog. Exploitation requires remote access to the SNMPv3 interface; an attacker could target exposed SNMP ports over the network to trigger the overflow.

Generated by OpenCVE AI on May 18, 2026 at 20:22 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the official patch corresponding to commit 0c957ec03054eb6c8205e9c9d1d05d90ada3898c to the lwIP source code or upgrade to a version newer than 2.2.1.
  • Rebuild and redeploy the firmware or application after applying the patch to ensure the binary incorporates the fix.
  • If the SNMPv3 USM feature is not required, disable or remove it from the lwIP configuration to eliminate the attack surface.

Generated by OpenCVE AI on May 18, 2026 at 20:22 UTC.

Advisories

No advisories yet.

History

Mon, 18 May 2026 20:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Mon, 18 May 2026 19:00:00 +0000

Type Values Removed Values Added
Description A vulnerability was found in lwIP up to 2.2.1. Affected is the function snmp_parse_inbound_frame of the file src/apps/snmp/snmp_msg.c of the component snmpv3 USM Handler. Performing a manipulation of the argument msgAuthenticationParameters results in stack-based buffer overflow. The attack may be initiated remotely. The patch is named 0c957ec03054eb6c8205e9c9d1d05d90ada3898c. It is suggested to install a patch to address this issue.
Title lwIP snmpv3 USM snmp_msg.c snmp_parse_inbound_frame stack-based overflow
First Time appeared N
N lwip
Weaknesses CWE-119
CWE-121
CPEs cpe:2.3:a:n:lwip:*:*:*:*:*:*:*:*
Vendors & Products N
N lwip
References
Metrics cvssV2_0

{'score': 10, 'vector': 'AV:N/AC:L/Au:N/C:C/I:C/A:C/E:ND/RL:OF/RC:C'}

cvssV3_0

{'score': 9.8, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:X/RL:O/RC:C'}

cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:X/RL:O/RC:C'}

cvssV4_0

{'score': 9.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X'}


MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-05-18T19:20:22.909Z

Reserved: 2026-05-18T14:20:09.110Z

Link: CVE-2026-8836

Vulnrichment

Updated: 2026-05-18T19:20:17.080Z

NVD

Status: Deferred

Published: 2026-05-18T19:16:28.533

Modified: 2026-05-18T19:26:31.620

Link: CVE-2026-8836

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-18T20:30:05Z