PT-2014-3287 · Nagios+2 · Nagios Core+2

Published: 2014-01-14 · Updated: 2018-12-25 · CVE-2013-7205

CVSS v2.0: 6.4 (Medium)
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:P
Name of the Vulnerable Software and Affected Versions: Nagios Core versions 3.5.1, 4.0.2, and earlier
Description: The issue is an off-by-one error in the process_cgivars function. A long string in the last key value in the variable list triggers a heap-based buffer over-read. As a result, remote authenticated users may obtain sensitive information from process memory or cause a denial of service (crash).
Recommendations: For Nagios Core versions 3.5.1, 4.0.2, and earlier, consider updating to a newer version to mitigate the risk. The available information does not specify a fixed version, and at the moment there is no information about a newer version that contains a fix for this vulnerability.

Exploit

DoS

Buffer Overflow


Weakness Enumeration

Related Identifiers

ALT-PU-2017-2354
CVE-2013-7205
DLA-1615-1
MGASA-2014-0010
USN-3253-1
USN-3253-2

Affected Products

Alt Linux
Nagios Core
Ubuntu