CVE-2013-7108

EPSS 52.73%
Veröffentlicht 15.01.2014 16:08:04
Zuletzt bearbeitet 11.04.2025 00:51:21
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

Multiple off-by-one errors in Nagios Core 3.5.1, 4.0.2, and earlier, and Icinga before 1.8.5, 1.9 before 1.9.4, and 1.10 before 1.10.2 allow remote authenticated users to obtain sensitive information from process memory or cause a denial of service (crash) via a long string in the last key value in the variable list to the process_cgivars function in (1) avail.c, (2) cmd.c, (3) config.c, (4) extinfo.c, (5) histogram.c, (6) notifications.c, (7) outages.c, (8) status.c, (9) statusmap.c, (10) summary.c, and (11) trends.c in cgi/, which triggers a heap-based buffer over-read.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 16

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Nagios ≫ Nagios Version <= 4.0.2

Nagios ≫ Nagios Version3.0

Nagios ≫ Nagios Version3.0 Updatealpha1

Nagios ≫ Nagios Version3.0 Updatealpha2

Nagios ≫ Nagios Version3.0 Updatealpha3

Nagios ≫ Nagios Version3.0 Updatealpha4

Nagios ≫ Nagios Version3.0 Updatealpha5

Nagios ≫ Nagios Version3.0 Updatebeta1

Nagios ≫ Nagios Version3.0 Updatebeta2

Nagios ≫ Nagios Version3.0 Updatebeta3

Nagios ≫ Nagios Version3.0 Updatebeta4

Nagios ≫ Nagios Version3.0 Updatebeta5

Nagios ≫ Nagios Version3.0 Updatebeta6

Nagios ≫ Nagios Version3.0 Updatebeta7

Nagios ≫ Nagios Version3.0 Updaterc1

Nagios ≫ Nagios Version3.0 Updaterc2

Nagios ≫ Nagios Version3.0 Updaterc3

Nagios ≫ Nagios Version3.0.1

Nagios ≫ Nagios Version3.0.2

Nagios ≫ Nagios Version3.0.3

Nagios ≫ Nagios Version3.0.4

Nagios ≫ Nagios Version3.0.5

Nagios ≫ Nagios Version3.0.6

Nagios ≫ Nagios Version3.1.0

Nagios ≫ Nagios Version3.1.1

Nagios ≫ Nagios Version3.1.2

Nagios ≫ Nagios Version3.2.0

Nagios ≫ Nagios Version3.2.1

Nagios ≫ Nagios Version3.2.2

Nagios ≫ Nagios Version3.2.3

Nagios ≫ Nagios Version3.3.1

Nagios ≫ Nagios Version3.4.0

Nagios ≫ Nagios Version3.4.1

Nagios ≫ Nagios Version3.4.2

Nagios ≫ Nagios Version3.4.3

Nagios ≫ Nagios Version3.5.1

Icinga ≫ Icinga Version <= 1.8.4

Icinga ≫ Icinga Version0.8.0

Icinga ≫ Icinga Version0.8.1

Icinga ≫ Icinga Version0.8.2

Icinga ≫ Icinga Version0.8.3

Icinga ≫ Icinga Version0.8.4

Icinga ≫ Icinga Version1.0

Icinga ≫ Icinga Version1.0 Updaterc1

Icinga ≫ Icinga Version1.0.1

Icinga ≫ Icinga Version1.0.2

Icinga ≫ Icinga Version1.0.3

Icinga ≫ Icinga Version1.2.0

Icinga ≫ Icinga Version1.2.1

Icinga ≫ Icinga Version1.3.0

Icinga ≫ Icinga Version1.3.1

Icinga ≫ Icinga Version1.4.0

Icinga ≫ Icinga Version1.4.1

Icinga ≫ Icinga Version1.6.0

Icinga ≫ Icinga Version1.6.1

Icinga ≫ Icinga Version1.6.2

Icinga ≫ Icinga Version1.7.0

Icinga ≫ Icinga Version1.7.1

Icinga ≫ Icinga Version1.7.2

Icinga ≫ Icinga Version1.7.3

Icinga ≫ Icinga Version1.7.4

Icinga ≫ Icinga Version1.8.0

Icinga ≫ Icinga Version1.8.1

Icinga ≫ Icinga Version1.8.2

Icinga ≫ Icinga Version1.8.3

Icinga ≫ Icinga Version1.9.0

Icinga ≫ Icinga Version1.9.1

Icinga ≫ Icinga Version1.9.2

Icinga ≫ Icinga Version1.9.3

Icinga ≫ Icinga Version1.10.0

Icinga ≫ Icinga Version1.10.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	52.73%	0.979

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.5	8	4.9	AV:N/AC:L/Au:S/C:P/I:N/A:P

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

https://www.icinga.org/2013/12/17/icinga-security-releases-1-10-2-1-9-4-1-8-5/

http://lists.opensuse.org/opensuse-updates/2014-01/msg00010.html

http://lists.opensuse.org/opensuse-updates/2014-01/msg00028.html

http://lists.opensuse.org/opensuse-updates/2014-01/msg00046.html

http://lists.opensuse.org/opensuse-updates/2014-01/msg00068.html

http://secunia.com/advisories/55976

Vendor Advisory

http://secunia.com/advisories/56316

Vendor Advisory

http://sourceforge.net/p/nagios/nagioscore/ci/d97e03f32741a7d851826b03ed73ff4c9612a866/

http://www.mandriva.com/security/advisories?name=MDVSA-2014:004

http://www.openwall.com/lists/oss-security/2013/12/24/1