Heap-based buffer over-read vulnerability in Nagios Core 3.5.1, 4.0.2, and earlier

Heap-based buffer over-read vulnerability in Nagios Core 3.5.1, 4.0.2, and earlier

CVE-2013-7205 · MEDIUM Severity

AV:N/AC:L/AU:N/C:P/I:N/A:P

Off-by-one error in the process_cgivars function in contrib/daemonchk.c in Nagios Core 3.5.1, 4.0.2, and earlier allows remote authenticated users to obtain sensitive information from process memory or cause a denial of service (crash) via a long string in the last key value in the variable list, which triggers a heap-based buffer over-read.

Learn more about our Cis Benchmark Audit For Apple Ios.