{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2018-07-11T00:00:00", "descriptions": [{"lang": "en", "value": "qh_help in Nagios Core version 4.4.1 and earlier is prone to a NULL pointer dereference vulnerability, which allows attacker to cause a local denial-of-service condition by sending a crafted payload to the listening UNIX socket."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-04-14T20:06:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://knowledge.opsview.com/v5.4/docs/whats-new"}, {"tags": ["x_refsource_MISC"], "url": "https://gist.github.com/fakhrizulkifli/8df4a174158df69ebd765f824bd736b8"}, {"name": "45082", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "https://www.exploit-db.com/exploits/45082/"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://knowledge.opsview.com/v5.3/docs/whats-new"}, {"name": "openSUSE-SU-2020:0500", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00014.html"}, {"name": "openSUSE-SU-2020:0517", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00022.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-13441", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "qh_help in Nagios Core version 4.4.1 and earlier is prone to a NULL pointer dereference vulnerability, which allows attacker to cause a local denial-of-service condition by sending a crafted payload to the listening UNIX socket."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://knowledge.opsview.com/v5.4/docs/whats-new", "refsource": "CONFIRM", "url": "https://knowledge.opsview.com/v5.4/docs/whats-new"}, {"name": "https://gist.github.com/fakhrizulkifli/8df4a174158df69ebd765f824bd736b8", "refsource": "MISC", "url": "https://gist.github.com/fakhrizulkifli/8df4a174158df69ebd765f824bd736b8"}, {"name": "45082", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/45082/"}, {"name": "https://knowledge.opsview.com/v5.3/docs/whats-new", "refsource": "CONFIRM", "url": "https://knowledge.opsview.com/v5.3/docs/whats-new"}, {"name": "openSUSE-SU-2020:0500", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00014.html"}, {"name": "openSUSE-SU-2020:0517", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00022.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T09:00:35.143Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://knowledge.opsview.com/v5.4/docs/whats-new"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://gist.github.com/fakhrizulkifli/8df4a174158df69ebd765f824bd736b8"}, {"name": "45082", "tags": ["exploit", "x_refsource_EXPLOIT-DB", "x_transferred"], "url": "https://www.exploit-db.com/exploits/45082/"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://knowledge.opsview.com/v5.3/docs/whats-new"}, {"name": "openSUSE-SU-2020:0500", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00014.html"}, {"name": "openSUSE-SU-2020:0517", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00022.html"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-13441", "datePublished": "2018-07-12T18:00:00", "dateReserved": "2018-07-08T00:00:00", "dateUpdated": "2024-08-05T09:00:35.143Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:nagios:nagios:*:*:*:*:*:*:*:*", "matchCriteriaId": "EF320AFD-B04D-47F8-9DC0-0B3722FF8E5E", "versionEndIncluding": "4.4.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "qh_help in Nagios Core version 4.4.1 and earlier is prone to a NULL pointer dereference vulnerability, which allows attacker to cause a local denial-of-service condition by sending a crafted payload to the listening UNIX socket."}, {"lang": "es", "value": "qh_help en Nagios Core en versiones 4.4.1 y anteriores es propenso a una vulnerabilidad de desreferencia de puntero NULL que permite que un atacante provoque una condici\u00f3n de denegaci\u00f3n de servicio (DoS) local mediante el env\u00edo de una carga \u00fatil manipulada al socket UNIX en escucha."}], "id": "CVE-2018-13441", "lastModified": "2020-04-11T18:15:09.823", "metrics": {"cvssMetricV2": [{"acInsufInfo": true, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 2.1, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-07-12T18:29:00.420", "references": [{"source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00014.html"}, {"source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00022.html"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://gist.github.com/fakhrizulkifli/8df4a174158df69ebd765f824bd736b8"}, {"source": "cve@mitre.org", "tags": ["Release Notes"], "url": "https://knowledge.opsview.com/v5.3/docs/whats-new"}, {"source": "cve@mitre.org", "tags": ["Release Notes"], "url": "https://knowledge.opsview.com/v5.4/docs/whats-new"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "https://www.exploit-db.com/exploits/45082/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-476"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "nagios: NULL pointer dereference in qh_help in base/query-handler.c", "id": "1665199", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1665199"}, "csaw": false, "cvss3": {"cvss3_base_score": "3.3", "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "status": "draft"}, "cwe": "CWE-476", "details": ["qh_help in Nagios Core version 4.4.1 and earlier is prone to a NULL pointer dereference vulnerability, which allows attacker to cause a local denial-of-service condition by sending a crafted payload to the listening UNIX socket."], "name": "CVE-2018-13441", "package_state": [{"cpe": "cpe:/a:redhat:mobile_application_platform:4", "fix_state": "Out of support scope", "package_name": "nagios", "product_name": "Red Hat Mobile Application Platform 4"}, {"cpe": "cpe:/a:redhat:storage:3", "fix_state": "Not affected", "package_name": "nagios", "product_name": "Red Hat Storage 3"}], "public_date": "2018-07-19T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2018-13441\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-13441"], "threat_severity": "Low", "upstream_fix": "nagios 4.4.2"}