Описание
Nagios NRPE 3.2.1 has a Heap-Based Buffer Overflow, as demonstrated by interpretation of a small negative number as a large positive number during a bzero call.
A flaw was found in nrpe. A heap-based buffer overflow is possible due to the interpretation of a small negative number as a large positive number during a bzero call. The highest threat from this vulnerability is to system availability.
Отчет
Nagios is considered deprecated. Nagios plugins and Nagios server are no longer maintained or supported. Refer following release notes for details: "https://access.redhat.com/documentation/en-us/red_hat_gluster_storage/3.5/html-single/3.5_release_notes/index". The older version of nrpe which was shipped with Red Hat Gluster Storage does not support v3 packet format.
Меры по смягчению последствий
There is no known mitigation for this issue, the flaw can only be resolved by applying updates.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Storage 3 | nrpe | Not affected |
Показывать по
Дополнительная информация
Статус:
EPSS
7.5 High
CVSS3
Связанные уязвимости
Nagios NRPE 3.2.1 has a Heap-Based Buffer Overflow, as demonstrated by interpretation of a small negative number as a large positive number during a bzero call.
Nagios NRPE 3.2.1 has a Heap-Based Buffer Overflow, as demonstrated by interpretation of a small negative number as a large positive number during a bzero call.
Nagios NRPE 3.2.1 has a Heap-Based Buffer Overflow, as demonstrated by ...
Nagios NRPE 3.2.1 has a Heap-Based Buffer Overflow, as demonstrated by interpretation of a small negative number as a large positive number during a bzero call.
EPSS
7.5 High
CVSS3