CVE-2018-13441

Name
CVE-2018-13441
Description
qh_help in Nagios Core version 4.4.1 and earlier is prone to a NULL pointer dereference vulnerability, which allows attacker to cause a local denial-of-service condition by sending a crafted payload to the listening UNIX socket.
NVD Severity
medium
Other trackers
CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia
Mailing lists
oss-security, full-disclosure, bugtraq
Exploits
Exploit DB, Metasploit
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
Exploit https://gist.github.com/fakhrizulkifli/8df4a174158df69ebd765f824bd736b8
Exploit https://www.exploit-db.com/exploits/45082/
Release Notes https://knowledge.opsview.com/v5.4/docs/whats-new
Release Notes https://knowledge.opsview.com/v5.3/docs/whats-new
SUSE http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00014.html
SUSE http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00022.html

Match rules

CPE URI Source package Min version Max version
cpe:2.3:a:nagios:nagios:*:*:*:*:*:*:*:* nagios >= None <= 4.4.1

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
nagios 3.12-main 3.5.1-r6 Carlo Landmeter <clandmeter@gmail.com> possibly vulnerable
nagios 3.11-main 3.5.1-r6 Carlo Landmeter <clandmeter@gmail.com> possibly vulnerable