Improper input validation in Icinga

CVE-2013-7108

Multiple off-by-one errors in Nagios Core 3.5.1, 4.0.2, and earlier, and Icinga before 1.8.5, 1.9 before 1.9.4, and 1.10 before 1.10.2 allow remote authenticated users to obtain sensitive information from process memory or cause a denial o…

Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)

EPSS: 0.595 (99.0th percentile) — read the EPSS interpretation.

Affected products

Icinga — versions 0.8.0, 0.8.1, 0.8.2
Nagios — versions 3.0, 3.0.1, 3.0.2
N/a — versions n/a

Weakness classification (CWE)

CWE-20 — Improper Input Validation

References

MDVSA-2014:004 (vendor-advisory, x_refsource_MANDRIVA)
openSUSE-SU-2014:0069 (vendor-advisory, x_refsource_SUSE)
cve@mitre.org (x_refsource_CONFIRM)
56316 (x_refsource_SECUNIA, third-party-advisory, Vendor Advisory)
openSUSE-SU-2014:0097 (vendor-advisory, x_refsource_SUSE)
cve@mitre.org (x_refsource_CONFIRM, Vendor Advisory)
[debian-lts-announce] 20181224 [SECURITY] [DLA 1615-1] nagios3 security update (mailing-list, x_refsource_MLIST)
cve@mitre.org (x_refsource_CONFIRM)
[oss-security] 20131224 Re: CVE request: denial of service in Nagios (process_cgivars()) (mailing-list, x_refsource_MLIST)
55976 (x_refsource_SECUNIA, third-party-advisory, Vendor Advisory)