Lucene search
HistoryOct 03, 2022 - 4:24 p.m.
CVE-2009-4501
cve-2009-4501
zbx_get_next_field
denial of service
remote attackers
null pointer dereference
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
6.2 Medium
AI Score
Confidence
Low
0.005 Low
EPSS
Percentile
77.0%
The zbx_get_next_field function in libs/zbxcommon/str.c in Zabbix Server before 1.6.8 allows remote attackers to cause a denial of service (crash) via a request that lacks expected separators, which triggers a NULL pointer dereference, as demonstrated using the Command keyword.
Affected configurations
Node
zabbixzabbixRange≤1.6.7
ORzabbixzabbixMatch1.1.2
ORzabbixzabbixMatch1.1.3
ORzabbixzabbixMatch1.1.4
ORzabbixzabbixMatch1.1.5
ORzabbixzabbixMatch1.4.2
ORzabbixzabbixMatch1.4.3
ORzabbixzabbixMatch1.4.4
ORzabbixzabbixMatch1.4.6
ORzabbixzabbixMatch1.6.6
Related
ubuntucve
ubuntucve
CVE-2009-4501
2009-12-31 00:00:00
cvelist
cvelist
CVE-2009-4501
2022-10-03 16:24:02
debiancve
debiancve
CVE-2009-4501
2022-10-03 16:24:02
nvd
nvd
CVE-2009-4501
2009-12-31 18:30:01
prion
prion
Null pointer dereference
2009-12-31 18:30:00
nessus
nessus
Fedora 11 : zabbix-1.6.8-1.fc11 (2010-0278)
2010-07-01 00:00:00
Fedora 12 : zabbix-1.6.8-1.fc12 (2010-0266)
2010-07-01 00:00:00
openvas
openvas
Fedora Update for zabbix FEDORA-2010-0278
2010-03-02 00:00:00
Fedora Update for zabbix FEDORA-2010-0266
2010-03-02 00:00:00
Zabbix < 1.6.8 Multiple Vulnerabilities
2009-12-17 00:00:00
fedora
fedora
[SECURITY] Fedora 12 Update: zabbix-1.6.8-1.fc12
2010-01-28 00:59:30
[SECURITY] Fedora 11 Update: zabbix-1.6.8-1.fc11
2010-01-28 01:04:02
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
6.2 Medium
AI Score
Confidence
Low
0.005 Low
EPSS
Percentile
77.0%
Related for CVE-2009-4501