NULL Pointer Dereference Vulnerability in Nagios Core by Nagios Enterprises
CVE-2018-13457

5.5MEDIUM

Key Information:

Vendor

Nagios

Status
Nagios Core
Vendor
CVE Published:
12 July 2018

What is CVE-2018-13457?

The qh_echo function in Nagios Core versions 4.4.1 and earlier is vulnerable to a NULL pointer dereference issue. This flaw can lead to a local denial-of-service condition if an attacker sends a specially crafted payload to the listening UNIX socket. Organizations using affected versions should evaluate their security posture and apply necessary patches to mitigate potential risks.

References

https://knowledge.opsview.com/v5.4/docs/whats-new
x_refsource_CONFIRM
https://gist.github.com/fakhrizulkifli/87cf1c1ad403b4d40a...
x_refsource_MISC
https://www.exploit-db.com/exploits/45082/
exploitx_refsource_EXPLOIT-DB

CVSS V3.1

Score:
5.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.