CVE-2018-13441

qh_help in Nagios Core version 4.4.1 and earlier is prone to a NULL pointer dereference vulnerability, which allows attacker to cause a local denial-of-service condition by sending a crafted payload to the listening UNIX socket.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.5 MEDIUM
LOCAL
LOW
LOW
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 45%
VendorProductVersion
nagiosnagios
𝑥
≤ 4.4.1
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
nagios4
bookworm
4.4.6-4
fixed
bullseye
4.4.6-4
fixed
sid
4.4.6-4.1
fixed
trixie
4.4.6-4.1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
nagios4
disco
not-affected
cosmic
ignored
bionic
dne
artful
dne
xenial
dne
trusty
dne
Common Weakness Enumeration
References
http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00014.html
http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00022.html
https://gist.github.com/fakhrizulkifli/8df4a174158df69ebd765f824bd736b8
https://knowledge.opsview.com/v5.3/docs/whats-new
https://knowledge.opsview.com/v5.4/docs/whats-new
https://www.exploit-db.com/exploits/45082/
http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00014.html
http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00022.html
https://gist.github.com/fakhrizulkifli/8df4a174158df69ebd765f824bd736b8
https://knowledge.opsview.com/v5.3/docs/whats-new
https://knowledge.opsview.com/v5.4/docs/whats-new
https://www.exploit-db.com/exploits/45082/