Heap overflow

2014-01-1516:08:00

PRIOn knowledge base

www.prio-n.com

6.8 Medium

AI Score

Confidence

Low

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:N/A:P

0.018 Low

EPSS

Percentile

87.6%

JSON

Off-by-one error in the process_cgivars function in contrib/daemonchk.c in Nagios Core 3.5.1, 4.0.2, and earlier allows remote authenticated users to obtain sensitive information from process memory or cause a denial of service (crash) via a long string in the last key value in the variable list, which triggers a heap-based buffer over-read.

CPENameOperatorVersion
nagioseq3.0 alpha3
nagioseq3.1.2
nagioseq3.0 rc3
nagioseq3.0 beta4
nagioseq3.0 alpha5
nagioseq3.2.2
nagioseq3.2.0
nagioseq3.1.1
nagioseq3.0.6
nagioseq3.0 alpha2

Name	Operator	Version
nagios	eq	3.0 alpha3
nagios	eq	3.1.2
nagios	eq	3.0 rc3
nagios	eq	3.0 beta4
nagios	eq	3.0 alpha5
nagios	eq	3.2.2
nagios	eq	3.2.0
nagios	eq	3.1.1
nagios	eq	3.0.6
nagios	eq	3.0 alpha2