Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Mon, 23 Dec 2013 19:19:25 +0100
From: Salvatore Bonaccorso <>
Subject: Re: CVE request: denial of service in Nagios

Hi Vincent,

On Mon, Dec 23, 2013 at 10:55:35AM -0700, Vincent Danen wrote:
> Could a CVE be assigned to the following flaw?
> A flaw was reported and fixed in Nagios, which can be exploited to cause a denial of service.  This vulnerability is caused due to an off-by-one error within the process_cgivars() function, which can be exploited to cause an out-of-bounds read by sending a specially-crafted key value to the Nagios web UI.
> References:

Only a cross reference (not saying it should get the same CVE): This
seems to be the equivalent to the icinga issue [1], which got



Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.