Stack-based buffer overflow in the cmd_submitf function in cgi/cmd.c in Nagios Core, possibly 4.0.3rc1 and earlier, and Icinga before 1.8.6, 1.9 before 1.9.5, and 1.10 before 1.10.3 allows remote attackers to cause a denial of service (segmentation fault) via a long message to cmd.cgi.
Platform | Package | Release Date | Advisory |
---|---|---|---|
Amazon Linux 1 | nagios | 2017-10-03 11:00 | ALAS-2017-899 |
Score Type | Score | Vector | |
---|---|---|---|
Amazon Linux | CVSSv2 | 4.0 | AV:N/AC:L/Au:S/C:N/I:N/A:P |
NVD | CVSSv2 | 5.0 | AV:N/AC:L/Au:N/C:N/I:N/A:P |