CVE-2013-7205
Description
Off-by-one error in the process_cgivars function in contrib/daemonchk.c in Nagios Core 3.5.1, 4.0.2, and earlier allows remote authenticated users to obtain sensitive information from process memory or cause a denial of service (crash) via a long string in the last key value in the variable list, which triggers a heap-based buffer over-read.
Risk Information
Base Score
8.1
MODERATE
Vector
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
EPSS Score
Exploitation Probability
2.397
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| host/service/network monitoring and management system (USN-3253-2) nagios3-cgi_3.5.1-1ubuntu1.3_i386.deb | Linux |
| host/service/network monitoring and management system (USN-3253-2) nagios3-cgi_3.5.1-1ubuntu1.3_amd64.deb | Linux |
| host/service/network monitoring and management system (USN-3253-2) nagios3-cgi_3.5.1.dfsg-2.1ubuntu1.3_i386.deb | Linux |
| host/service/network monitoring and management system (USN-3253-2) nagios3-cgi_3.5.1.dfsg-2.1ubuntu1.3_amd64.deb | Linux |
| host/service/network monitoring and management system (USN-3253-2) nagios3-cgi_3.5.1.dfsg-2.1ubuntu3.3_i386.deb | Linux |
| host/service/network monitoring and management system (USN-3253-2) nagios3-cgi_3.5.1.dfsg-2.1ubuntu3.3_amd64.deb | Linux |
| host/service/network monitoring and management system (USN-3253-2) nagios3-cgi_3.5.1.dfsg-2.1ubuntu5.2_i386.deb | Linux |
| host/service/network monitoring and management system (USN-3253-2) nagios3-cgi_3.5.1.dfsg-2.1ubuntu5.2_amd64.deb | Linux |
| host/service/network monitoring and management system (USN-3253-2) nagios3-core_3.5.1-1ubuntu1.3_i386.deb | Linux |
| host/service/network monitoring and management system (USN-3253-2) nagios3-core_3.5.1-1ubuntu1.3_amd64.deb | Linux |
| host/service/network monitoring and management system (USN-3253-2) nagios3-core_3.5.1.dfsg-2.1ubuntu1.3_i386.deb | Linux |
| host/service/network monitoring and management system (USN-3253-2) nagios3-core_3.5.1.dfsg-2.1ubuntu1.3_amd64.deb | Linux |
| host/service/network monitoring and management system (USN-3253-2) nagios3-core_3.5.1.dfsg-2.1ubuntu3.3_i386.deb | Linux |
| host/service/network monitoring and management system (USN-3253-2) nagios3-core_3.5.1.dfsg-2.1ubuntu3.3_amd64.deb | Linux |
| host/service/network monitoring and management system (USN-3253-2) nagios3-core_3.5.1.dfsg-2.1ubuntu5.2_i386.deb | Linux |
| host/service/network monitoring and management system (USN-3253-2) nagios3-core_3.5.1.dfsg-2.1ubuntu5.2_amd64.deb | Linux |
| Nagios3 3.5.1-1ubuntu1.3 for Ubuntu 14.04 LTS (x64) nagios3_3.5.1-1ubuntu1.3_amd64.deb | Linux |
| Nagios3 3.5.1-1ubuntu1.3 for Ubuntu 14.04 LTS nagios3_3.5.1-1ubuntu1.3_i386.deb | Linux |
| Nagios3 3.5.1.dfsg-2.1ubuntu1.3 for Ubuntu 16.04 LTS (x64) nagios3_3.5.1.dfsg-2.1ubuntu1.3_amd64.deb | Linux |
| Nagios3 3.5.1.dfsg-2.1ubuntu1.3 for Ubuntu 16.04 LTS nagios3_3.5.1.dfsg-2.1ubuntu1.3_i386.deb | Linux |
| Nagios3 3.5.1.dfsg-2.1ubuntu3.3 for Ubuntu 16.10 (x64) nagios3_3.5.1.dfsg-2.1ubuntu3.3_amd64.deb | Linux |
| Nagios3 3.5.1.dfsg-2.1ubuntu3.3 for Ubuntu 16.10 nagios3_3.5.1.dfsg-2.1ubuntu3.3_i386.deb | Linux |
| Nagios3 3.5.1.dfsg-2.1ubuntu5.2 for Ubuntu 17.04 (x64) nagios3_3.5.1.dfsg-2.1ubuntu5.2_amd64.deb | Linux |
| Nagios3 3.5.1.dfsg-2.1ubuntu5.2 for Ubuntu 17.04 nagios3_3.5.1.dfsg-2.1ubuntu5.2_i386.deb | Linux |
| Nagios3-core 3.5.1-1ubuntu1.3 for Ubuntu 14.04 LTS (x64) nagios3-core_3.5.1-1ubuntu1.3_amd64.deb | Linux |
| Nagios3-core 3.5.1-1ubuntu1.3 for Ubuntu 14.04 LTS nagios3-core_3.5.1-1ubuntu1.3_i386.deb | Linux |
| Nagios3-core 3.5.1.dfsg-2.1ubuntu1.3 for Ubuntu 16.04 LTS (x64) nagios3-core_3.5.1.dfsg-2.1ubuntu1.3_amd64.deb | Linux |
| Nagios3-core 3.5.1.dfsg-2.1ubuntu1.3 for Ubuntu 16.04 LTS nagios3-core_3.5.1.dfsg-2.1ubuntu1.3_i386.deb | Linux |
| Nagios3-core 3.5.1.dfsg-2.1ubuntu3.3 for Ubuntu 16.10 (x64) nagios3-core_3.5.1.dfsg-2.1ubuntu3.3_amd64.deb | Linux |
| Nagios3-core 3.5.1.dfsg-2.1ubuntu3.3 for Ubuntu 16.10 nagios3-core_3.5.1.dfsg-2.1ubuntu3.3_i386.deb | Linux |
| Nagios3-core 3.5.1.dfsg-2.1ubuntu5.2 for Ubuntu 17.04 (x64) nagios3-core_3.5.1.dfsg-2.1ubuntu5.2_amd64.deb | Linux |
| Nagios3-core 3.5.1.dfsg-2.1ubuntu5.2 for Ubuntu 17.04 nagios3-core_3.5.1.dfsg-2.1ubuntu5.2_i386.deb | Linux |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234