CVE-2018-13441

Name
CVE-2018-13441
Description
qh_help in Nagios Core version 4.4.1 and earlier is prone to a NULL pointer dereference vulnerability, which allows attacker to cause a local denial-of-service condition by sending a crafted payload to the listening UNIX socket.
NVD Severity
medium
Other trackers
Mailing lists
Exploits
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
Exploit https://gist.github.com/fakhrizulkifli/8df4a174158df69ebd765f824bd736b8
Exploit https://www.exploit-db.com/exploits/45082/
Release Notes https://knowledge.opsview.com/v5.4/docs/whats-new
Release Notes https://knowledge.opsview.com/v5.3/docs/whats-new
SUSE http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00014.html
SUSE http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00022.html

Match rules

CPE URI Source package Min version Max version
cpe:2.3:a:nagios:nagios:*:*:*:*:*:*:*:* nagios >= None <= 4.4.1

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
nagios 3.12-main 3.5.1-r6 Carlo Landmeter <clandmeter@gmail.com> possibly vulnerable
nagios 3.11-main 3.5.1-r6 Carlo Landmeter <clandmeter@gmail.com> possibly vulnerable