CVE-2013-7205

Published: 15/01/2014 Updated: 25/12/2018
CVSS v2 Base Score: 6.4 | Impact Score: 4.9 | Exploitability Score: 10
VMScore: 570
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:P

Vulnerability Summary

Off-by-one error in the process_cgivars function in contrib/daemonchk.c in Nagios Core 3.5.1, 4.0.2, and previous versions allows remote authenticated users to obtain sensitive information from process memory or cause a denial of service (crash) via a long string in the last key value in the variable list, which triggers a heap-based buffer over-read.

Vulnerable Product

nagios nagios 3.0

nagios nagios 3.0.3

nagios nagios 3.0.4

nagios nagios 3.2.2

nagios nagios 3.2.3

nagios nagios 3.0.5

nagios nagios 3.0.6

nagios nagios 3.3.1

nagios nagios 3.4.0

nagios nagios

nagios nagios 3.0.1

nagios nagios 3.0.2

nagios nagios 3.2.0

nagios nagios 3.2.1

nagios nagios 3.4.3

nagios nagios 3.5.1

nagios nagios 3.1.0

nagios nagios 3.1.1

nagios nagios 3.1.2

nagios nagios 3.4.1

nagios nagios 3.4.2

Vendor Advisories

Debian Bug report logs - #771466 CVE-2013-7108 CVE-2013-7205 Package: nagios3; Maintainer for nagios3 is Debian Nagios Maintainer Group <pkg-nagios-devel@lists.alioth.debian.org>; Source for nagios3 is src:nagios3 (PTS, buildd, popcon) Reported by: Moritz Muehlenhoff <jmm@debian.org> Date: Sat, 29 Nov 2014 22:18:02 U ...
Several security issues were fixed in Nagios ...
USN-3253-1 introduced a regression in Nagios ...
Multiple off-by-one errors in Nagios Core 3.5.1, 4.0.2, and earlier, and Icinga before 1.8.5, 1.9 before 1.9.4, and 1.10 before 1.10.2 allow remote authenticated users to obtain sensitive information from process memory or cause a denial of service (crash) via a long string in the last key value in the variable list to the process_cgivars function ...
Off-by-one error in the process_cgivars function in contrib/daemonchk.c in Nagios Core 3.5.1, 4.0.2, and earlier allows remote authenticated users to obtain sensitive information from process memory or cause a denial of service (crash) via a long string in the last key value in the variable list, which triggers a heap-based buffer over-read ...