CVE-2020-6582 - Nagios NRPE 3.2.1 has a Heap-Based Buffer Overflow, as demonstrated by interpretation of a small neg

CVE-2020-6582

Summary

Nagios NRPE 3.2.1 has a Heap-Based Buffer Overflow, as demonstrated by interpretation of a small negative number as a large positive number during a bzero call.

References

https://herolab.usd.de/security-advisories/
https://herolab.usd.de/security-advisories/usd-2020-0001/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2DNGKXVDB43E3KQRA6W5QZT3Z46XZLQM/

Vulnerable Configurations

cpe:2.3:a:nagios:remote_plug_in_executor:3.2.1:*:*:*:*:*:*:*
cpe:2.3:a:nagios:remote_plug_in_executor:3.2.1:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*

CVSS

Base:	5.0 (as of 18-04-2022 - 15:15)
Impact:
Exploitability:

CWE

CWE-681

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
NONE	NONE	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:N/I:N/A:P

refmap via4

fedora	FEDORA-2020-d436ed655f
misc	https://herolab.usd.de/security-advisories/ https://herolab.usd.de/security-advisories/usd-2020-0001/

Last major update

18-04-2022 - 15:15

Published

16-03-2020 - 18:15

Last modified

18-04-2022 - 15:15