CVE-2020-6582

HIGH

Nagios Remote Plug IN Executor - Out-of-Bounds Write

Title source: rule

Description

Nagios NRPE 3.2.1 has a Heap-Based Buffer Overflow, as demonstrated by interpretation of a small negative number as a large positive number during a bzero call.

References (3)

[Third Party Advisory] https://herolab.usd.de/security-advisories/

[Exploit, Third Party Advisory] https://herolab.usd.de/security-advisories/usd-2020-0001/

[Mailing List, Third Party Advisory] https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2DNGKXVDB43E3KQRA6W5QZT3Z46XZLQM/

Scores

CVSS v3 7.5

EPSS 0.0164

EPSS Percentile 82.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

CWE

CWE-681 CWE-787

Status published

Products (2)

fedoraproject/fedora 32

nagios/remote_plug_in_executor 3.2.1

Published Mar 16, 2020

Tracked Since Feb 18, 2026