NVD

Id
41959  
Name
CVE-2013-7205  
Description
Off-by-one error in the process_cgivars function in contrib/daemonchk.c in Nagios Core 3.5.1, 4.0.2, and earlier allows remote authenticated users to obtain sensitive information from process memory or cause a denial of service (crash) via a long string in the last key value in the variable list, which triggers a heap-based buffer over-read.  
Reject
 
CVSS Version
2  
CVSS Score
6.4  
Severity
Medium  
CVSS Base Score
6.4  
CVSS Impact Subscore
4.9  
CVSS Exploit Subscore
10  
CVSS Vector
(AV:N/AC:L/Au:N/C:P/I:N/A:P)  
Pub Date
2017-01-18  
Published
2014-01-15  
Modified Date
2016-11-28  
Seq
2013-7205  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
211781 41959 CVE-2013-7205 http://sourceforge.net/p/nagios/nagioscore/ci/d97e03f32741a7d851826b03ed73ff4c9612a866/  View
211782 41959 CVE-2013-7205 MDVSA-2014:004  View
211783 41959 CVE-2013-7205 [oss-security] 20131224 Re: CVE request: denial of service in Nagios (process_cgivars())  View
211784 41959 CVE-2013-7205 64489  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
24273 JVNDB-2013-005848 Nagios Core の contrib/daemonchk.c 内の process_cgivars 関数における重要な情報を取得される脆弱性 Nagios Core の contrib/daemonchk.c 内の process_cgivars 関数には、一つずれエラー (Off-by-One error) により、プロセスメモリから重要な情報を取得される、またはサービス運用妨害 (クラッシュ) 状態にされる脆弱性が存在します。 CVE-2013-7205 67147 CVE-2013-7205 41959 6.4 http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-005848.html 2013-12-20 2014-01-16 View