CVE-2018-13441
Published 2018-07-12
CVE-2018-13441: qh_help in Nagios Core version 4.4.1 and earlier is prone to a NULL pointer dereference vulnerability, which allows an attacker to cause a local denial-of-service…
Priority P422 · medium · 5.5 (CVSS 3.0)
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
EXPLOIT
EPSS: 1.34% (67.8th percentile)
qh_help in Nagios Core version 4.4.1 and earlier is prone to a NULL pointer dereference vulnerability, which allows an attacker to cause a local denial-of-service condition by sending a crafted payload to the listening UNIX socket.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | nagios4 | < nagios4 4.3.4-3 (bookworm) | nagios4 4.3.4-3 (bookworm) |
| nagios | nagios | <= 4.4.1 | — |
CVSS provenance
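| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 5.5 | MEDIUM | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
| nvd | v2.0 | 2.1 | LOW | AV:L/AC:L/Au:N/C:N/I:N/A:P |
| osv | | 5.5 | MEDIUM | |
| vendor_debian | | 5.5 | LOW | |
| vendor_redhat | | 5.5 | MEDIUM | |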
Red Hat
nagios: NULL pointer dereference in qh_help in base/query-handler.c
vendor_redhat·2018-07-19·CVSS 5.5
CVE-2018-13441 [MEDIUM] CWE-476 nagios: NULL pointer dereference in qh_help in base/query-handler.c
qh_help in Nagios Core version 4.4.1 and earlier is prone to a NULL pointer dereference vulnerability, which allows an attacker to cause a local denial-of-service condition by sending a crafted payload to the listening UNIX socket.
Package: nagios (Red Hat Mobile Application Platform 4) - Out of support scope
Package: nagios (Red Hat Storage 3) - Not affected
Debian
CVE-2018-13441: nagios4 - qh_help in Nagios Core version 4.4.1 and earlier is prone to a NULL pointer dere...
vendor_debian·2018·CVSS 5.5
CVE-2018-13441 [MEDIUM] CVE-2018-13441: nagios4 - qh_help in Nagios Core version 4.4.1 and earlier is prone to a NULL pointer dere...
qh_help in Nagios Core version 4.4.1 and earlier is prone to a NULL pointer dereference vulnerability, which allows an attacker to cause a local denial-of-service condition by sending a crafted payload to the listening UNIX socket.
Scope: local
bookworm: resolved (fixed in 4.3.4-3)
bullseye: resolved (fixed in 4.3.4-3)
sid: resolved (fixed in 4.3.4-3)
trixie: resolved (fixed in 4.3.4-3)
GHSA
GHSA-vcwh-ghpm-79h9: qh_help in Nagios Core version 4
ghsa_unreviewed·2022-05-13
CVE-2018-13441 [MEDIUM] CWE-476 GHSA-vcwh-ghpm-79h9: qh_help in Nagios Core version 4
qh_help in Nagios Core version 4.4.1 and earlier is prone to a NULL pointer dereference vulnerability, which allows an attacker to cause a local denial-of-service condition by sending a crafted payload to the listening UNIX socket.
OSV
CVE-2018-13441: qh_help in Nagios Core version 4
osv·2018-07-12·CVSS 5.5
CVE-2018-13441 [MEDIUM] CVE-2018-13441: qh_help in Nagios Core version 4
qh_help in Nagios Core version 4.4.1 and earlier is prone to a NULL pointer dereference vulnerability, which allows an attacker to cause a local denial-of-service condition by sending a crafted payload to the listening UNIX socket.
No detection rules found.
Bugzilla
CVE-2018-13441 nagios: NULL pointer dereference in qh_help in base/query-handler.c
bugzilla·2019-01-10·CVSS 5.5
CVE-2018-13441 [MEDIUM] CVE-2018-13441 nagios: NULL pointer dereference in qh_help in base/query-handler.c
A flaw was found in Nagios Core version 4.4.1 and earlier. The qh_help function is prone to a NULL pointer dereference vulnerability, which allows an attacker to cause a local denial-of-service condition by sending a crafted payload to the listening UNIX socket.
References:
https://github.com/NagiosEnterprises/nagioscore/commit/b1a92a3b52d292ccb601e77a0b29cb1e67ac9d76
Discussion:
Created nagios tracking bugs for this issue:
Affects: epel-all [bug 1665201]
Affects: fedora-all [bug 1665200]
---
This vulnerability is out of security support scope for the following product:
* Red Hat Mobile Application Platform
Please refer to https://access.redhat.com/support/policy/updates/rhmap for more details
---
Bugzilla
CVE-2018-13441 nagios: NULL pointer dereference in qh_help in base/query-handler.c [epel-all]
bugzilla·2019-01-10·CVSS 5.5
CVE-2018-13441 [MEDIUM] CVE-2018-13441 nagios: NULL pointer dereference in qh_help in base/query-handler.c [epel-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of epel-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supp
Bugzilla
CVE-2018-13441 nagios: NULL pointer dereference in qh_help in base/query-handler.c [fedora-all]
bugzilla·2019-01-10·CVSS 5.5
CVE-2018-13441 [MEDIUM] CVE-2018-13441 nagios: NULL pointer dereference in qh_help in base/query-handler.c [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00014.html
http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00022.html
https://gist.github.com/fakhrizulkifli/8df4a174158df69ebd765f824bd736b8
https://knowledge.opsview.com/v5.3/docs/whats-new
https://knowledge.opsview.com/v5.4/docs/whats-new
https://www.exploit-db.com/exploits/45082/