Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
5
CVSSv2

CVE-2014-1878

Published: 28/02/2014 Updated: 25/12/2018
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Subscribe to Nagios

Vulnerability Summary

Stack-based buffer overflow in the cmd_submitf function in cgi/cmd.c in Nagios Core, possibly 4.0.3rc1 and previous versions, and Icinga prior to 1.8.6, 1.9 prior to 1.9.5, and 1.10 prior to 1.10.3 allows remote malicious users to cause a denial of service (segmentation fault) via a long message to cmd.cgi.

Vulnerable Product Search on Vulmon Subscribe to Product

nagios nagios

icinga icinga 1.10.0

icinga icinga 1.8.0

icinga icinga 1.8.1

nagios nagios 4.0.0

icinga icinga 1.9.2

icinga icinga 1.9.3

icinga icinga 1.9.4

icinga icinga 1.9.0

icinga icinga 1.9.1

icinga icinga 1.8.4

icinga icinga

icinga icinga 1.10.1

icinga icinga 1.10.2

icinga icinga 1.8.2

icinga icinga 1.8.3

nagios nagios 4.0.2

Vendor Advisories

Debian CVElist Bug Report Logs: nagios3: CVE-2014-1878: buffer overflow in cmd.cgi
Debian Bug report logs - #823721 nagios3: CVE-2014-1878: buffer overflow in cmdcgi Package: src:nagios3; Maintainer for src:nagios3 is Debian Nagios Maintainer Group <pkg-nagios-devel@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Sun, 8 May 2016 04:12:02 UTC Severity: importa ...
Ubuntu Security Notice: nagios3 vulnerabilities
Several security issues were fixed in Nagios ...
Ubuntu Security Notice: nagios3 regression
USN-3253-1 introduced a regression in Nagios ...
Amazon Linux AMI: ALAS-2017-899
Multiple off-by-one errors in Nagios Core 351, 402, and earlier, and Icinga before 185, 19 before 194, and 110 before 1102 allow remote authenticated users to obtain sensitive information from process memory or cause a denial of service (crash) via a long string in the last key value in the variable list to the process_cgivars function ...
Red Hat: CVE-2014-1878
Stack-based buffer overflow in the cmd_submitf function in cgi/cmdc in Nagios Core, possibly 403rc1 and earlier, and Icinga before 186, 19 before 195, and 110 before 1103 allows remote attackers to cause a denial of service (segmentation fault) via a long message to cmdcgi ...

References

CWE-119https://www.icinga.org/2014/02/11/bugfix-releases-1-10-3-1-9-5-1-8-6http://secunia.com/advisories/57024https://dev.icinga.org/issues/5434https://bugzilla.redhat.com/show_bug.cgi?id=1066578http://www.securityfocus.com/bid/65605http://lists.opensuse.org/opensuse-updates/2014-04/msg00033.htmlhttps://lists.debian.org/debian-lts-announce/2018/12/msg00014.htmlhttps://bugs.debian.org/cgi-bin/bugreport.cgi?bug=823721https://usn.ubuntu.com/3253-1/https://nvd.nist.govhttps://access.redhat.com/security/cve/cve-2014-1878
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
race conditionCVE-2024-4249CVE-2024-4244CVE-2023-20198TCPCVE-2022-48648CVE-2022-48636CVE-2024-21345SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook