CVE-2018-13458
Published: 2018-07-12
Priority: P4 · 27 · medium · CVSS 3.0: 5.5
Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
EXPLOIT
EPSS: 4.51% (90.3th percentile)
qh_core in Nagios Core 4.4.1 and earlier is prone to a NULL pointer dereference vulnerability, which allows attackers to cause a local denial-of-service condition by sending a crafted payload to the listening UNIX socket.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | nagios4 | < nagios4 4.3.4-3 (bookworm) | nagios4 4.3.4-3 (bookworm) |
| nagios | nagios_core | <= 4.4.1 | — |
CVSS provenance
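| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 5.5 | MEDIUM | CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |
| nvd | v2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:N/A:P |
| osv | — | 5.5 | MEDIUM | — |
| vendor_debian | — | 5.5 | LOW | — |
| vendor_redhat | — | 5.5 | MEDIUM | — |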
GHSA
GHSA-9fx5-wc5q-367p: qh_core in Nagios Core 4
ghsa_unreviewed·2022-05-13
CVE-2018-13458 [MEDIUM] CWE-476 GHSA-9fx5-wc5q-367p: qh_core in Nagios Core 4
OSV
CVE-2018-13458: qh_core in Nagios Core 4
osv·2018-07-12·CVSS 5.5
CVE-2018-13458 [MEDIUM] CVE-2018-13458: qh_core in Nagios Core 4
Red Hat
nagios: NULL pointer dereference in qh_core in base/query-handler.c
vendor_redhat·2018-07-19·CVSS 5.5
CVE-2018-13458 [MEDIUM] CWE-476 nagios: NULL pointer dereference in qh_core in base/query-handler.c
Package: nagios (Red Hat Mobile Application Platform 4) - Out of support scope
Package: nagios (Red Hat Storage 3) - Not affected
Debian
CVE-2018-13458: nagios4 - qh_core in Nagios Core 4.4.1 and earlier is prone to a NULL pointer dereference ...
vendor_debian·2018·CVSS 5.5
CVE-2018-13458 [MEDIUM] CVE-2018-13458: nagios4 - qh_core in Nagios Core 4.4.1 and earlier is prone to a NULL pointer dereference ...
Scope: local
bookworm: resolved (fixed in 4.3.4-3)
bullseye: resolved (fixed in 4.3.4-3)
sid: resolved (fixed in 4.3.4-3)
trixie: resolved (fixed in 4.3.4-3)
No detection rules found.
Bugzilla
CVE-2018-13458 nagios: NULL pointer dereference in qh_core in base/query-handler.c [epel-all]
bugzilla·2019-01-10·CVSS 5.5
CVE-2018-13458 [MEDIUM] CVE-2018-13458 nagios: NULL pointer dereference in qh_core in base/query-handler.c [epel-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of epel-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supp
Bugzilla
CVE-2018-13458 nagios: NULL pointer dereference in qh_core in base/query-handler.c [fedora-all]
bugzilla·2019-01-10·CVSS 5.5
CVE-2018-13458 [MEDIUM] CVE-2018-13458 nagios: NULL pointer dereference in qh_core in base/query-handler.c [fedora-all]
Bugzilla
CVE-2018-13458 nagios: NULL pointer dereference in qh_core in base/query-handler.c
bugzilla·2019-01-10·CVSS 5.5
CVE-2018-13458 [MEDIUM] CVE-2018-13458 nagios: NULL pointer dereference in qh_core in base/query-handler.c
A flaw was found in Nagios Core version 4.4.1 and earlier. The qh_core function is prone to a NULL pointer dereference vulnerability, which allows an attacker to cause a local denial-of-service condition by sending a crafted payload to the listening UNIX socket.
References:
https://github.com/NagiosEnterprises/nagioscore/commit/b1a92a3b52d292ccb601e77a0b29cb1e67ac9d76
Discussion:
Created nagios tracking bugs for this issue:
Affects: epel-all [bug 1665210]
Affects: fedora-all [bug 1665209]
---
This vulnerability is out of security support scope for the following product:
* Red Hat Mobile Application Platform
Please refer to https://access.redhat.com/support/policy/updates/rhmap for more details
---
T
References
http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00014.html
http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00022.html
https://gist.github.com/fakhrizulkifli/40f3daf52950cca6de28ebec2498ff6e
https://knowledge.opsview.com/v5.3/docs/whats-new
https://knowledge.opsview.com/v5.4/docs/whats-new
https://www.exploit-db.com/exploits/45082/