CVE-2014-1878

2014-02-2815:13:00

CWE-119

[email protected]

web.nvd.nist.gov

cve-2014-1878

buffer overflow

nagios core

icinga

denial of service

remote attackers

7.5 High

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.046 Low

EPSS

Percentile

92.5%

JSON

Stack-based buffer overflow in the cmd_submitf function in cgi/cmd.c in Nagios Core, possibly 4.0.3rc1 and earlier, and Icinga before 1.8.6, 1.9 before 1.9.5, and 1.10 before 1.10.3 allows remote attackers to cause a denial of service (segmentation fault) via a long message to cmd.cgi.

CPENameOperatorVersion
icinga:icingaicingaeq1.9.2
icinga:icingaicingaeq1.8.4
icinga:icingaicingaeq1.9.3
nagios:nagiosnagioseq4.0.0
icinga:icingaicingaeq1.9.0
icinga:icingaicingaeq1.8.2
icinga:icingaicingaeq1.8.0
nagios:nagiosnagioseq4.0.2
icinga:icingaicingaeq1.8.3
icinga:icingaicingaeq1.8.1

CPE	Name	Operator	Version
icinga:icinga	icinga	eq	1.9.2
icinga:icinga	icinga	eq	1.8.4
icinga:icinga	icinga	eq	1.9.3
nagios:nagios	nagios	eq	4.0.0
icinga:icinga	icinga	eq	1.9.0
icinga:icinga	icinga	eq	1.8.2
icinga:icinga	icinga	eq	1.8.0
nagios:nagios	nagios	eq	4.0.2
icinga:icinga	icinga	eq	1.8.3
icinga:icinga	icinga	eq	1.8.1