Vulnerability Description
Stack-based buffer overflow in the cmd_submitf function in cgi/cmd.c in Nagios Core, possibly 4.0.3rc1 and earlier, and Icinga before 1.8.6, 1.9 before 1.9.5, and 1.10 before 1.10.3 allows remote attackers to cause a denial of service (segmentation fault) via a long message to cmd.cgi.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Icinga | Icinga | <= 1.8.5 |
| Nagios | Nagios | <= 4.0.3 |
Related Weaknesses (CWE)
References
- http://lists.opensuse.org/opensuse-updates/2014-04/msg00033.html
- http://secunia.com/advisories/57024Vendor Advisory
- http://www.securityfocus.com/bid/65605
- https://bugzilla.redhat.com/show_bug.cgi?id=1066578
- https://dev.icinga.org/issues/5434Patch
- https://lists.debian.org/debian-lts-announce/2018/12/msg00014.html
- https://www.icinga.org/2014/02/11/bugfix-releases-1-10-3-1-9-5-1-8-6
- http://lists.opensuse.org/opensuse-updates/2014-04/msg00033.html
- http://secunia.com/advisories/57024Vendor Advisory
- http://www.securityfocus.com/bid/65605
- https://bugzilla.redhat.com/show_bug.cgi?id=1066578
- https://dev.icinga.org/issues/5434Patch
- https://lists.debian.org/debian-lts-announce/2018/12/msg00014.html
- https://www.icinga.org/2014/02/11/bugfix-releases-1-10-3-1-9-5-1-8-6
FAQ
What is CVE-2014-1878?
CVE-2014-1878 is a vulnerability with a CVSS score of 5.0 (MEDIUM). Stack-based buffer overflow in the cmd_submitf function in cgi/cmd.c in Nagios Core, possibly 4.0.3rc1 and earlier, and Icinga before 1.8.6, 1.9 before 1.9.5, and 1.10 before 1.10.3 allows remote atta...
How severe is CVE-2014-1878?
CVE-2014-1878 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2014-1878?
Check the references section above for vendor advisories and patch information. Affected products include: Icinga Icinga, Nagios Nagios.