Lucene search

K

PRIOn knowledge basePRION:CVE-2013-7108

HistoryJan 15, 2014 - 4:08 p.m.

Heap overflow

2014-01-1516:08:00

PRIOn knowledge base

www.prio-n.com

6

6.8 Medium

AI Score

Confidence

Low

0.941 High

EPSS

Percentile

99.2%

Multiple off-by-one errors in Nagios Core 3.5.1, 4.0.2, and earlier, and Icinga before 1.8.5, 1.9 before 1.9.4, and 1.10 before 1.10.2 allow remote authenticated users to obtain sensitive information from process memory or cause a denial of service (crash) via a long string in the last key value in the variable list to the process_cgivars function in (1) avail.c, (2) cmd.c, (3) config.c, (4) extinfo.c, (5) histogram.c, (6) notifications.c, (7) outages.c, (8) status.c, (9) statusmap.c, (10) summary.c, and (11) trends.c in cgi/, which triggers a heap-based buffer over-read.

CPENameOperatorVersion
icingaeq0.8.1
icingaeq0.8.4
icingaeq1.9.2
icingaeq1.0.2
icingaeq1.9.3
icingaeq1.2.1
icingaeq0.8.3
icingaeq1.9.0
icingaeq1.6.1
icingaeq1.7.0

Rows per page:

1-10 of 711

References

lists.opensuse.org/opensuse-updates/2014-01/msg00010.html

lists.opensuse.org/opensuse-updates/2014-01/msg00028.html

lists.opensuse.org/opensuse-updates/2014-01/msg00046.html

lists.opensuse.org/opensuse-updates/2014-01/msg00068.html

secunia.com/advisories/55976

secunia.com/advisories/56316

sourceforge.net/p/nagios/nagioscore/ci/d97e03f32741a7d851826b03ed73ff4c9612a866/

www.mandriva.com/security/advisories?name=MDVSA-2014:004

www.openwall.com/lists/oss-security/2013/12/24/1

www.securityfocus.com/bid/64363

dev.icinga.org/issues/5251

lists.debian.org/debian-lts-announce/2018/12/msg00014.html

www.icinga.org/2013/12/17/icinga-security-releases-1-10-2-1-9-4-1-8-5/

6.8 Medium

AI Score

Confidence

Low

0.941 High

EPSS

Percentile

99.2%

Related for PRION:CVE-2013-7108

nvd1 nessus13 openvas9 securityvulns7 cvelist1 cve1 alpinelinux1 checkpoint_advisories1 debiancve1 ubuntucve2 mageia1 debian3 osv3 freebsd1 gentoo1 ubuntu2 ibm2 amazon1