6.4 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:N/A:P
0.018 Low
EPSS
Percentile
87.8%
Off-by-one error in the process_cgivars function in contrib/daemonchk.c in
Nagios Core 3.5.1, 4.0.2, and earlier allows remote authenticated users to
obtain sensitive information from process memory or cause a denial of
service (crash) via a long string in the last key value in the variable
list, which triggers a heap-based buffer over-read.
Author | Note |
---|---|
mdeslaur | nagios fix had an additional source file, so this CVE was split out from CVE-2013-7108. (contrib/daemonchk.c) |