Vulnerability Details : CVE-2014-1878
Stack-based buffer overflow in the cmd_submitf function in cgi/cmd.c in Nagios Core, possibly 4.0.3rc1 and earlier, and Icinga before 1.8.6, 1.9 before 1.9.5, and 1.10 before 1.10.3 allows remote attackers to cause a denial of service (segmentation fault) via a long message to cmd.cgi.
Vulnerability category: OverflowMemory CorruptionDenial of service
Exploit prediction scoring system (EPSS) score for CVE-2014-1878
Probability of exploitation activity in the next 30 days: 4.59%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 92 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2014-1878
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
|---|---|---|---|---|---|
|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P |
10.0
|
2.9
|
NIST |
CWE ids for CVE-2014-1878
-
The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.Assigned by: nvd@nist.gov (Primary)
References for CVE-2014-1878
-
https://bugzilla.redhat.com/show_bug.cgi?id=1066578
1066578 – (CVE-2014-1878) CVE-2014-1878 nagios: possible buffer overflows in cmd.cgi
-
https://www.icinga.org/2014/02/11/bugfix-releases-1-10-3-1-9-5-1-8-6
-
http://www.securityfocus.com/bid/65605
Icinga 'cgi/cmd.c' Stack Buffer Overflow Vulnerability
-
https://lists.debian.org/debian-lts-announce/2018/12/msg00014.html
[SECURITY] [DLA 1615-1] nagios3 security update
-
https://dev.icinga.org/issues/5434
Patch
-
http://lists.opensuse.org/opensuse-updates/2014-04/msg00033.html
openSUSE-SU-2014:0516-1: moderate: nagios: fixed a buffer overflow
Products affected by CVE-2014-1878
- cpe:2.3:a:nagios:nagios:*:rc1:*:*:*:*:*:*
- cpe:2.3:a:nagios:nagios:4.0.0:beta1:*:*:*:*:*:*
- cpe:2.3:a:nagios:nagios:4.0.0:beta2:*:*:*:*:*:*
- cpe:2.3:a:nagios:nagios:4.0.0:beta3:*:*:*:*:*:*
- cpe:2.3:a:nagios:nagios:4.0.0:beta4:*:*:*:*:*:*
- cpe:2.3:a:nagios:nagios:4.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:icinga:icinga:*:*:*:*:*:*:*:*
- cpe:2.3:a:icinga:icinga:1.8.2:*:*:*:*:*:*:*
- cpe:2.3:a:icinga:icinga:1.8.1:*:*:*:*:*:*:*
- cpe:2.3:a:icinga:icinga:1.8.0:*:*:*:*:*:*:*
- cpe:2.3:a:icinga:icinga:1.8.3:*:*:*:*:*:*:*
- cpe:2.3:a:icinga:icinga:1.10.0:*:*:*:*:*:*:*
- cpe:2.3:a:icinga:icinga:1.10.1:*:*:*:*:*:*:*
- cpe:2.3:a:icinga:icinga:1.9.4:*:*:*:*:*:*:*
- cpe:2.3:a:icinga:icinga:1.9.0:*:*:*:*:*:*:*
- cpe:2.3:a:icinga:icinga:1.9.1:*:*:*:*:*:*:*
- cpe:2.3:a:icinga:icinga:1.8.4:*:*:*:*:*:*:*
- cpe:2.3:a:icinga:icinga:1.9.2:*:*:*:*:*:*:*
- cpe:2.3:a:icinga:icinga:1.9.3:*:*:*:*:*:*:*
- cpe:2.3:a:icinga:icinga:1.10.2:*:*:*:*:*:*:*