CVE-2018-13441

Published: Jul 12, 2018Modified: Nov 21, 2024

5.5

Vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

qh_help in Nagios Core version 4.4.1 and earlier is prone to a NULL pointer dereference vulnerability, which allows attacker to cause a local denial-of-service condition by sending a crafted payload to the listening UNIX socket.

Affected (1)

Products: Nagios: Nagios

Nagios

1 product

Nagios

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Nagios Nagios	Up to 4.4.1

Related CWEs

CWE-476

NULL Pointer Dereference

The product dereferences a pointer that it expects to be valid but is NULL.

References (12)

http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00014.html

Source: cve@mitre.org

http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00022.html

Source: cve@mitre.org

https://gist.github.com/fakhrizulkifli/8df4a174158df69ebd765f824bd736b8

Source: cve@mitre.org

ExploitThird Party Advisory

https://knowledge.opsview.com/v5.3/docs/whats-new

Source: cve@mitre.org

Release Notes

https://knowledge.opsview.com/v5.4/docs/whats-new

Source: cve@mitre.org

Release Notes

https://www.exploit-db.com/exploits/45082/

Source: cve@mitre.org

ExploitThird Party AdvisoryVDB Entry

http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00014.html