Lucene search

Alpine Linux Development TeamALPINE:CVE-2013-7205

HistoryJan 15, 2014 - 4:08 p.m.

CVE-2013-7205

2014-01-1516:08:00

Alpine Linux Development Team

security.alpinelinux.org

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:N/A:P

JSON

Off-by-one error in the process_cgivars function in contrib/daemonchk.c in Nagios Core 3.5.1, 4.0.2, and earlier allows remote authenticated users to obtain sensitive information from process memory or cause a denial of service (crash) via a long string in the last key value in the variable list, which triggers a heap-based buffer over-read.

OSVersionArchitecturePackageVersionFilename
Alpine3.12-mainnoarchnagios= 3.5.1-r6UNKNOWN
Alpine3.11-mainnoarchnagios= 3.5.1-r6UNKNOWN

OS	Version	Architecture	Package	Version	Filename
Alpine	3.12-main	noarch	nagios	= 3.5.1-r6	UNKNOWN
Alpine	3.11-main	noarch	nagios	= 3.5.1-r6	UNKNOWN

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:N/A:P

JSON

Related for ALPINE:CVE-2013-7205