CVE-2013-7108

🗓️ 14 Jan 2014 18:00:00Reported by mitreType

cve🔗 web.nvd.nist.gov👁 106 Views🌐 WEB

CVE-2013-7108 Multiple off-by-one errors in Nagios Core 3.5.1, 4.0.2, and earlier, and Icinga before 1.8.5, 1.9 before 1.9.4, and 1.10 before 1.10.

Reporter	Title	Published	Views	Family All 56
IBM Security Bulletins	Security Bulletin: Vulnerabilities in nagios affect PowerKVM	18 Jun 201801:33	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilities in nagios affect PowerKVM	18 Jun 201801:38	–	ibm
Amazon	Important: nagios	3 Oct 201700:00	–	amazon
Tenable Nessus	Amazon Linux AMI : nagios (ALAS-2017-899)	4 Oct 201700:00	–	nessus
Tenable Nessus	Debian DLA-1615-1 : nagios3 security update	27 Dec 201800:00	–	nessus
Tenable Nessus	Debian DLA-60-1 : icinga security update	26 Mar 201500:00	–	nessus
Tenable Nessus	Debian DSA-2956-1 : icinga - security update	12 Jun 201400:00	–	nessus
Tenable Nessus	FreeBSD : nagios -- denial of service vulnerability (ba04a373-7d20-11e3-8992-00132034b086)	15 Jan 201400:00	–	nessus
Tenable Nessus	GLSA-201412-23 : Nagios: Multiple vulnerabilities	15 Dec 201400:00	–	nessus
Tenable Nessus	Mandriva Linux Security Advisory : nagios (MDVSA-2014:004)	19 Jan 201400:00	–	nessus

NVD

Node

nagios nagiosRange≤4.0.2

nagios nagiosMatch3.0

nagios nagiosMatch3.0alpha1

nagios nagiosMatch3.0alpha2

nagios nagiosMatch3.0alpha3

nagios nagiosMatch3.0alpha4

nagios nagiosMatch3.0alpha5

nagios nagiosMatch3.0beta1

nagios nagiosMatch3.0beta2

nagios nagiosMatch3.0beta3

nagios nagiosMatch3.0beta4

nagios nagiosMatch3.0beta5

nagios nagiosMatch3.0beta6

nagios nagiosMatch3.0beta7

nagios nagiosMatch3.0rc1

nagios nagiosMatch3.0rc2

nagios nagiosMatch3.0rc3

nagios nagiosMatch3.0.1

nagios nagiosMatch3.0.2

nagios nagiosMatch3.0.3

nagios nagiosMatch3.0.4

nagios nagiosMatch3.0.5

nagios nagiosMatch3.0.6

nagios nagiosMatch3.1.0

nagios nagiosMatch3.1.1

nagios nagiosMatch3.1.2

nagios nagiosMatch3.2.0

nagios nagiosMatch3.2.1

nagios nagiosMatch3.2.2

nagios nagiosMatch3.2.3

nagios nagiosMatch3.3.1

nagios nagiosMatch3.4.0

nagios nagiosMatch3.4.1

nagios nagiosMatch3.4.2

nagios nagiosMatch3.4.3

nagios nagiosMatch3.5.1

Node

icinga icingaRange≤1.8.4

icinga icingaMatch0.8.0

icinga icingaMatch0.8.1

icinga icingaMatch0.8.2

icinga icingaMatch0.8.3

icinga icingaMatch0.8.4

icinga icingaMatch1.0

icinga icingaMatch1.0rc1

icinga icingaMatch1.0.1

icinga icingaMatch1.0.2

icinga icingaMatch1.0.3

icinga icingaMatch1.2.0

icinga icingaMatch1.2.1

icinga icingaMatch1.3.0

icinga icingaMatch1.3.1

icinga icingaMatch1.4.0

icinga icingaMatch1.4.1

icinga icingaMatch1.6.0

icinga icingaMatch1.6.1

icinga icingaMatch1.6.2

icinga icingaMatch1.7.0

icinga icingaMatch1.7.1

icinga icingaMatch1.7.2

icinga icingaMatch1.7.3

icinga icingaMatch1.7.4

icinga icingaMatch1.8.0

icinga icingaMatch1.8.1

icinga icingaMatch1.8.2

icinga icingaMatch1.8.3

icinga icingaMatch1.9.0

icinga icingaMatch1.9.1

icinga icingaMatch1.9.2

icinga icingaMatch1.9.3

icinga icingaMatch1.10.0

icinga icingaMatch1.10.1

Source	Link
lists	www.lists.opensuse.org/opensuse-updates/2014-01/msg00010.html
lists	www.lists.opensuse.org/opensuse-updates/2014-01/msg00046.html
secunia	www.secunia.com/advisories/56316
icinga	www.icinga.org/2013/12/17/icinga-security-releases-1-10-2-1-9-4-1-8-5/
openwall	www.openwall.com/lists/oss-security/2013/12/24/1
sourceforge	www.sourceforge.net/p/nagios/nagioscore/ci/d97e03f32741a7d851826b03ed73ff4c9612a866/
lists	www.lists.opensuse.org/opensuse-updates/2014-01/msg00068.html
mandriva	www.mandriva.com/security/advisories
secunia	www.secunia.com/advisories/55976
lists	www.lists.opensuse.org/opensuse-updates/2014-01/msg00028.html

Parameter	Position	Path	Description	CWE
last key value in the variable list to the process_cgivars function	path	cgi/	Remote authenticated users can trigger a heap-based buffer over-read via a long string in the last key value in the variable list passed to process_cgivars in cgi/ to obtain memory contents or cause a crash.	CWE-20

17 Jun 2026 00:01Current

7.3High risk

Vulners AI Score7.3

CVSS 25.5

EPSS0.59546

CWE-20