CVE-2013-7108 — MEDIUM (5.5)

Q: How severe is CVE-2013-7108?

CVE-2013-7108 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2013-7108?

Check the references section above for vendor advisories and patch information. Affected products include: Nagios Nagios, Icinga Icinga.

Vulnerability Description

Multiple off-by-one errors in Nagios Core 3.5.1, 4.0.2, and earlier, and Icinga before 1.8.5, 1.9 before 1.9.4, and 1.10 before 1.10.2 allow remote authenticated users to obtain sensitive information from process memory or cause a denial of service (crash) via a long string in the last key value in the variable list to the process_cgivars function in (1) avail.c, (2) cmd.c, (3) config.c, (4) extinfo.c, (5) histogram.c, (6) notifications.c, (7) outages.c, (8) status.c, (9) statusmap.c, (10) summary.c, and (11) trends.c in cgi/, which triggers a heap-based buffer over-read.

CVSS Score

5.5

MEDIUM

AV:N/AC:L/Au:S/C:P/I:N/A:P

Confidentiality

PARTIAL

Integrity

NONE

Availability

PARTIAL

Affected Products

Vendor	Product	Versions
Nagios	Nagios	<= 4.0.2
Icinga	Icinga	<= 1.8.4

Related Weaknesses (CWE)

CWE-20

References

FAQ

What is CVE-2013-7108?

CVE-2013-7108 is a vulnerability with a CVSS score of 5.5 (MEDIUM). Multiple off-by-one errors in Nagios Core 3.5.1, 4.0.2, and earlier, and Icinga before 1.8.5, 1.9 before 1.9.4, and 1.10 before 1.10.2 allow remote authenticated users to obtain sensitive information ...

How severe is CVE-2013-7108?

CVE-2013-7108 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2013-7108?

Check the references section above for vendor advisories and patch information. Affected products include: Nagios Nagios, Icinga Icinga.