CVE-2014-1878

Public on 2014-02-28

Modified on 2017-10-03

Description

Stack-based buffer overflow in the cmd_submitf function in cgi/cmd.c in Nagios Core, possibly 4.0.3rc1 and earlier, and Icinga before 1.8.6, 1.9 before 1.9.5, and 1.10 before 1.10.3 allows remote attackers to cause a denial of service (segmentation fault) via a long message to cmd.cgi.

Severity

Medium

See what this means

CVSS v3 Base Score

4.0

See breakdown

Affected Packages

Platform	Package	Release Date	Advisory
Amazon Linux 1	nagios	2017-10-03 11:00	ALAS-2017-899

CVSS Scores

	Score Type	Score	Vector
Amazon Linux	CVSSv2	4.0	AV:N/AC:L/Au:S/C:N/I:N/A:P
NVD	CVSSv2	5.0	AV:N/AC:L/Au:N/C:N/I:N/A:P

References

Red Hat: CVE-2014-1878 Mitre: CVE-2014-1878 FAQs regarding Amazon Linux ALAS/CVE Severity