Lucene search

MitreCVE-2013-7108

HistoryJan 15, 2014 - 4:08 p.m.

CVE-2013-7108

2014-01-1516:08:04

CWE-20

mitre

web.nvd.nist.gov

cve-2013-7108

nagios core

icinga

off-by-one errors

remote authenticated users

sensitive information

denial of service

heap-based buffer over-read

CVSS2

5.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:N/A:P

AI Score

7.3

Confidence

High

EPSS

0.941

Percentile

99.2%

JSON

Multiple off-by-one errors in Nagios Core 3.5.1, 4.0.2, and earlier, and Icinga before 1.8.5, 1.9 before 1.9.4, and 1.10 before 1.10.2 allow remote authenticated users to obtain sensitive information from process memory or cause a denial of service (crash) via a long string in the last key value in the variable list to the process_cgivars function in (1) avail.c, (2) cmd.c, (3) config.c, (4) extinfo.c, (5) histogram.c, (6) notifications.c, (7) outages.c, (8) status.c, (9) statusmap.c, (10) summary.c, and (11) trends.c in cgi/, which triggers a heap-based buffer over-read.

Affected configurations

Nvd

Node

nagiosnagiosRange≤4.0.2

nagiosnagiosMatch3.0

nagiosnagiosMatch3.0alpha1

nagiosnagiosMatch3.0alpha2

nagiosnagiosMatch3.0alpha3

nagiosnagiosMatch3.0alpha4

nagiosnagiosMatch3.0alpha5

nagiosnagiosMatch3.0beta1

nagiosnagiosMatch3.0beta2

nagiosnagiosMatch3.0beta3

nagiosnagiosMatch3.0beta4

nagiosnagiosMatch3.0beta5

nagiosnagiosMatch3.0beta6

nagiosnagiosMatch3.0beta7

nagiosnagiosMatch3.0rc1

nagiosnagiosMatch3.0rc2

nagiosnagiosMatch3.0rc3

nagiosnagiosMatch3.0.1

nagiosnagiosMatch3.0.2

nagiosnagiosMatch3.0.3

nagiosnagiosMatch3.0.4

nagiosnagiosMatch3.0.5

nagiosnagiosMatch3.0.6

nagiosnagiosMatch3.1.0

nagiosnagiosMatch3.1.1

nagiosnagiosMatch3.1.2

nagiosnagiosMatch3.2.0

nagiosnagiosMatch3.2.1

nagiosnagiosMatch3.2.2

nagiosnagiosMatch3.2.3

nagiosnagiosMatch3.3.1

nagiosnagiosMatch3.4.0

nagiosnagiosMatch3.4.1

nagiosnagiosMatch3.4.2

nagiosnagiosMatch3.4.3

nagiosnagiosMatch3.5.1

Node

icingaicingaRange≤1.8.4

icingaicingaMatch0.8.0

icingaicingaMatch0.8.1

icingaicingaMatch0.8.2

icingaicingaMatch0.8.3

icingaicingaMatch0.8.4

icingaicingaMatch1.0

icingaicingaMatch1.0rc1

icingaicingaMatch1.0.1

icingaicingaMatch1.0.2

icingaicingaMatch1.0.3

icingaicingaMatch1.2.0

icingaicingaMatch1.2.1

icingaicingaMatch1.3.0

icingaicingaMatch1.3.1

icingaicingaMatch1.4.0

icingaicingaMatch1.4.1

icingaicingaMatch1.6.0

icingaicingaMatch1.6.1

icingaicingaMatch1.6.2

icingaicingaMatch1.7.0

icingaicingaMatch1.7.1

icingaicingaMatch1.7.2

icingaicingaMatch1.7.3

icingaicingaMatch1.7.4

icingaicingaMatch1.8.0

icingaicingaMatch1.8.1

icingaicingaMatch1.8.2

icingaicingaMatch1.8.3

icingaicingaMatch1.9.0

icingaicingaMatch1.9.1

icingaicingaMatch1.9.2

icingaicingaMatch1.9.3

icingaicingaMatch1.10.0

icingaicingaMatch1.10.1

VendorProductVersionCPE
nagiosnagios*cpe:2.3:a:nagios:nagios:*:*:*:*:*:*:*:*
nagiosnagios3.0cpe:2.3:a:nagios:nagios:3.0:*:*:*:*:*:*:*
nagiosnagios3.0cpe:2.3:a:nagios:nagios:3.0:alpha1:*:*:*:*:*:*
nagiosnagios3.0cpe:2.3:a:nagios:nagios:3.0:alpha2:*:*:*:*:*:*
nagiosnagios3.0cpe:2.3:a:nagios:nagios:3.0:alpha3:*:*:*:*:*:*
nagiosnagios3.0cpe:2.3:a:nagios:nagios:3.0:alpha4:*:*:*:*:*:*
nagiosnagios3.0cpe:2.3:a:nagios:nagios:3.0:alpha5:*:*:*:*:*:*
nagiosnagios3.0cpe:2.3:a:nagios:nagios:3.0:beta1:*:*:*:*:*:*
nagiosnagios3.0cpe:2.3:a:nagios:nagios:3.0:beta2:*:*:*:*:*:*
nagiosnagios3.0cpe:2.3:a:nagios:nagios:3.0:beta3:*:*:*:*:*:*

Vendor	Product	Version	CPE
nagios	nagios	*	cpe:2.3:a:nagios:nagios::::::::
nagios	nagios	3.0	cpe:2.3:a:nagios:nagios:3.0:::::::*
nagios	nagios	3.0	cpe:2.3:a:nagios:nagios:3.0:alpha1::::::
nagios	nagios	3.0	cpe:2.3:a:nagios:nagios:3.0:alpha2::::::
nagios	nagios	3.0	cpe:2.3:a:nagios:nagios:3.0:alpha3::::::
nagios	nagios	3.0	cpe:2.3:a:nagios:nagios:3.0:alpha4::::::
nagios	nagios	3.0	cpe:2.3:a:nagios:nagios:3.0:alpha5::::::
nagios	nagios	3.0	cpe:2.3:a:nagios:nagios:3.0:beta1::::::
nagios	nagios	3.0	cpe:2.3:a:nagios:nagios:3.0:beta2::::::
nagios	nagios	3.0	cpe:2.3:a:nagios:nagios:3.0:beta3::::::