CVE-2013-7108
Description
Multiple off-by-one errors in Nagios Core 3.5.1, 4.0.2, and earlier, and Icinga before 1.8.5, 1.9 before 1.9.4, and 1.10 before 1.10.2 allow remote authenticated users to obtain sensitive information from process memory or cause a denial of service (crash) via a long string in the last key value in the variable list to the process_cgivars function in (1) avail.c, (2) cmd.c, (3) config.c, (4) extinfo.c, (5) histogram.c, (6) notifications.c, (7) outages.c, (8) status.c, (9) statusmap.c, (10) summary.c, and (11) trends.c in cgi/, which triggers a heap-based buffer over-read.
Risk Information
Base Score
8.1
MODERATE
Vector
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
EPSS Score
Exploitation Probability
48.577
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| host/service/network monitoring and management system (USN-3253-2) nagios3-cgi_3.5.1-1ubuntu1.3_i386.deb | Linux |
| host/service/network monitoring and management system (USN-3253-2) nagios3-cgi_3.5.1-1ubuntu1.3_amd64.deb | Linux |
| host/service/network monitoring and management system (USN-3253-2) nagios3-cgi_3.5.1.dfsg-2.1ubuntu1.3_i386.deb | Linux |
| host/service/network monitoring and management system (USN-3253-2) nagios3-cgi_3.5.1.dfsg-2.1ubuntu1.3_amd64.deb | Linux |
| host/service/network monitoring and management system (USN-3253-2) nagios3-cgi_3.5.1.dfsg-2.1ubuntu3.3_i386.deb | Linux |
| host/service/network monitoring and management system (USN-3253-2) nagios3-cgi_3.5.1.dfsg-2.1ubuntu3.3_amd64.deb | Linux |
| host/service/network monitoring and management system (USN-3253-2) nagios3-cgi_3.5.1.dfsg-2.1ubuntu5.2_i386.deb | Linux |
| host/service/network monitoring and management system (USN-3253-2) nagios3-cgi_3.5.1.dfsg-2.1ubuntu5.2_amd64.deb | Linux |
| host/service/network monitoring and management system (USN-3253-2) nagios3-core_3.5.1-1ubuntu1.3_i386.deb | Linux |
| host/service/network monitoring and management system (USN-3253-2) nagios3-core_3.5.1-1ubuntu1.3_amd64.deb | Linux |
| host/service/network monitoring and management system (USN-3253-2) nagios3-core_3.5.1.dfsg-2.1ubuntu1.3_i386.deb | Linux |
| host/service/network monitoring and management system (USN-3253-2) nagios3-core_3.5.1.dfsg-2.1ubuntu1.3_amd64.deb | Linux |
| host/service/network monitoring and management system (USN-3253-2) nagios3-core_3.5.1.dfsg-2.1ubuntu3.3_i386.deb | Linux |
| host/service/network monitoring and management system (USN-3253-2) nagios3-core_3.5.1.dfsg-2.1ubuntu3.3_amd64.deb | Linux |
| host/service/network monitoring and management system (USN-3253-2) nagios3-core_3.5.1.dfsg-2.1ubuntu5.2_i386.deb | Linux |
| host/service/network monitoring and management system (USN-3253-2) nagios3-core_3.5.1.dfsg-2.1ubuntu5.2_amd64.deb | Linux |
| Nagios3 3.5.1-1ubuntu1.3 for Ubuntu 14.04 LTS (x64) nagios3_3.5.1-1ubuntu1.3_amd64.deb | Linux |
| Nagios3 3.5.1-1ubuntu1.3 for Ubuntu 14.04 LTS nagios3_3.5.1-1ubuntu1.3_i386.deb | Linux |
| Nagios3 3.5.1.dfsg-2.1ubuntu1.3 for Ubuntu 16.04 LTS (x64) nagios3_3.5.1.dfsg-2.1ubuntu1.3_amd64.deb | Linux |
| Nagios3 3.5.1.dfsg-2.1ubuntu1.3 for Ubuntu 16.04 LTS nagios3_3.5.1.dfsg-2.1ubuntu1.3_i386.deb | Linux |
| Nagios3 3.5.1.dfsg-2.1ubuntu3.3 for Ubuntu 16.10 (x64) nagios3_3.5.1.dfsg-2.1ubuntu3.3_amd64.deb | Linux |
| Nagios3 3.5.1.dfsg-2.1ubuntu3.3 for Ubuntu 16.10 nagios3_3.5.1.dfsg-2.1ubuntu3.3_i386.deb | Linux |
| Nagios3 3.5.1.dfsg-2.1ubuntu5.2 for Ubuntu 17.04 (x64) nagios3_3.5.1.dfsg-2.1ubuntu5.2_amd64.deb | Linux |
| Nagios3 3.5.1.dfsg-2.1ubuntu5.2 for Ubuntu 17.04 nagios3_3.5.1.dfsg-2.1ubuntu5.2_i386.deb | Linux |
| Nagios3-core 3.5.1-1ubuntu1.3 for Ubuntu 14.04 LTS (x64) nagios3-core_3.5.1-1ubuntu1.3_amd64.deb | Linux |
| Nagios3-core 3.5.1-1ubuntu1.3 for Ubuntu 14.04 LTS nagios3-core_3.5.1-1ubuntu1.3_i386.deb | Linux |
| Nagios3-core 3.5.1.dfsg-2.1ubuntu1.3 for Ubuntu 16.04 LTS (x64) nagios3-core_3.5.1.dfsg-2.1ubuntu1.3_amd64.deb | Linux |
| Nagios3-core 3.5.1.dfsg-2.1ubuntu1.3 for Ubuntu 16.04 LTS nagios3-core_3.5.1.dfsg-2.1ubuntu1.3_i386.deb | Linux |
| Nagios3-core 3.5.1.dfsg-2.1ubuntu3.3 for Ubuntu 16.10 (x64) nagios3-core_3.5.1.dfsg-2.1ubuntu3.3_amd64.deb | Linux |
| Nagios3-core 3.5.1.dfsg-2.1ubuntu3.3 for Ubuntu 16.10 nagios3-core_3.5.1.dfsg-2.1ubuntu3.3_i386.deb | Linux |
| Nagios3-core 3.5.1.dfsg-2.1ubuntu5.2 for Ubuntu 17.04 (x64) nagios3-core_3.5.1.dfsg-2.1ubuntu5.2_amd64.deb | Linux |
| Nagios3-core 3.5.1.dfsg-2.1ubuntu5.2 for Ubuntu 17.04 nagios3-core_3.5.1.dfsg-2.1ubuntu5.2_i386.deb | Linux |
Patch Details
No records found
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234