CVE-2014-2386

Published: Mar 25, 2014Modified: May 6, 2026

5.0

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:P

Exploitability: 10.0 / Impact: 2.9

Source: NVD

Description

Multiple off-by-one errors in Icinga, possibly 1.10.2 and earlier, allow remote attackers to cause a denial of service (crash) via unspecified vectors to the (1) display_nav_table, (2) print_export_link, (3) page_num_selector, or (4) page_limit_selector function in cgi/cgiutils.c or (5) status_page_num_selector function in cgi/status.c, which triggers a stack-based buffer overflow.

Affected (5)

Products: Icinga: Icinga · Opensuse: Opensuse

1 product

1 product

Configuration A

5 vulnerable

Vulnerable Software	Affected Versions
Icinga Icinga	Up to 1.10.2
Icinga Icinga	Version 1.10.0
Icinga Icinga	Version 1.10.1
Opensuse Opensuse	Version 12.3
Opensuse Opensuse	Version 13.1

Related CWEs

References (8)

http://comments.gmane.org/gmane.comp.security.oss.general/12355

Source: cve@mitre.org

http://lists.opensuse.org/opensuse-updates/2014-03/msg00072.html

Source: cve@mitre.org

https://dev.icinga.org/issues/5663

Source: cve@mitre.org

https://git.icinga.org/?p=icinga-core.git%3Ba=commitdiff%3Bh=73285093b71a5551abdaab0a042d3d6bae093b0d

Source: cve@mitre.org

http://comments.gmane.org/gmane.comp.security.oss.general/12355

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.opensuse.org/opensuse-updates/2014-03/msg00072.html

Source: af854a3a-2127-422b-91ae-364da2661108

https://dev.icinga.org/issues/5663

Source: af854a3a-2127-422b-91ae-364da2661108

https://git.icinga.org/?p=icinga-core.git%3Ba=commitdiff%3Bh=73285093b71a5551abdaab0a042d3d6bae093b0d

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.