{"id":"MGASA-2014-0010","summary":"Updated nagios package fixes security vulnerability","details":"A flaw was reported and fixed in Nagios, which can be exploited to cause a\ndenial of service.  This vulnerability is caused due to an off-by-one\nerror within the process_cgivars() function, which can be exploited to\ncause an out-of-bounds read by sending a specially-crafted key value to the Nagios\nweb UI (CVE-2013-7108, CVE-2013-7205).\nAn issue that prevented the service from starting has also been fixed.\n","modified":"2026-04-16T01:46:31.306762203Z","published":"2014-01-17T00:22:05Z","upstream":["CVE-2013-7108","CVE-2013-7205"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2014-0010.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=12100"},{"type":"ADVISORY","url":"https://secunia.com/advisories/55976/"},{"type":"WEB","url":"http://openwall.com/lists/oss-security/2013/12/24/1"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1046113"}],"affected":[{"package":{"name":"nagios","ecosystem":"Mageia:3","purl":"pkg:rpm/mageia/nagios?arch=source&distro=mageia-3"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.4.4-4.2.mga3"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2014-0010.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}