Total vulnerabilities in the database
Stack-based buffer overflow in the cmd_submitf function in cgi/cmd.c in Nagios Core, possibly 4.0.3rc1 and earlier, and Icinga before 1.8.6, 1.9 before 1.9.5, and 1.10 before 1.10.3 allows remote attackers to cause a denial of service (segmentation fault) via a long message to cmd.cgi.
| Software | From | Fixed in |
|---|---|---|
| icinga / icinga | 1.9.2 | 1.9.2.x |
| icinga / icinga | 1.8.4 | 1.8.4.x |
| icinga / icinga | 1.9.3 | 1.9.3.x |
| nagios / nagios | 4.0.0-beta4 | 4.0.0-beta4.x |
| icinga / icinga | 1.9.0 | 1.9.0.x |
| icinga / icinga | 1.8.2 | 1.8.2.x |
| icinga / icinga | 1.8.0 | 1.8.0.x |
| nagios / nagios | 4.0.2 | 4.0.2.x |
| nagios / nagios | 4.0.0-beta1 | 4.0.0-beta1.x |
| icinga / icinga | 1.8.3 | 1.8.3.x |
| icinga / icinga | 1.8.1 | 1.8.1.x |
| icinga / icinga | 1.10.2 | 1.10.2.x |
| icinga / icinga | - | 1.8.5.x |
| nagios / nagios | 4.0.0-beta3 | 4.0.0-beta3.x |
| icinga / icinga | 1.9.4 | 1.9.4.x |
| icinga / icinga | 1.9.1 | 1.9.1.x |
| nagios / nagios | - | 4.0.3.x |
| icinga / icinga | 1.10.1 | 1.10.1.x |
| nagios / nagios | 4.0.0-beta2 | 4.0.0-beta2.x |
| icinga / icinga | 1.10.0 | 1.10.0.x |