CVE-2014-1878
Icinga < 1.8.5 and Nagios < 4.0.3 - Stack-based Buffer Overflow via Long Message to cmd.cgi
Title source: llmDescription
Stack-based buffer overflow in the cmd_submitf function in cgi/cmd.c in Nagios Core, possibly 4.0.3rc1 and earlier, and Icinga before 1.8.6, 1.9 before 1.9.5, and 1.10 before 1.10.3 allows remote attackers to cause a denial of service (segmentation fault) via a long message to cmd.cgi.
References (7)
Core 7
Core References
Mailing List vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-updates/2014-04/msg00033.html
Patch x_refsource_confirm
https://dev.icinga.org/issues/5434
Various Sources x_refsource_confirm
https://www.icinga.org/2014/02/11/bugfix-releases-1-10-3-1-9-5-1-8-6
Issue Tracking x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=1066578
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/65605
Mailing List mailing-list
x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2018/12/msg00014.html
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/57024
Scores
EPSS
0.0234
EPSS Percentile
85.1%
Details
CWE
CWE-119
Status
published
Products (17)
icinga/icinga
1.8.0
icinga/icinga
1.8.1
icinga/icinga
1.8.2
icinga/icinga
1.8.3
icinga/icinga
1.8.4
icinga/icinga
1.9.0
icinga/icinga
1.9.1
icinga/icinga
1.9.2
icinga/icinga
1.9.3
icinga/icinga
1.9.4
... and 7 more
Published
Feb 28, 2014
Tracked Since
Feb 18, 2026