Unrated severityNVD Advisory· Published Feb 28, 2014· Updated Apr 29, 2026
CVE-2014-1878
CVE-2014-1878
Description
Stack-based buffer overflow in the cmd_submitf function in cgi/cmd.c in Nagios Core, possibly 4.0.3rc1 and earlier, and Icinga before 1.8.6, 1.9 before 1.9.5, and 1.10 before 1.10.3 allows remote attackers to cause a denial of service (segmentation fault) via a long message to cmd.cgi.
Affected products
20cpe:2.3:a:icinga:icinga:*:*:*:*:*:*:*:*+ 13 more
- cpe:2.3:a:icinga:icinga:*:*:*:*:*:*:*:*range: <=1.8.5
- cpe:2.3:a:icinga:icinga:1.8.0:*:*:*:*:*:*:*
- cpe:2.3:a:icinga:icinga:1.8.1:*:*:*:*:*:*:*
- cpe:2.3:a:icinga:icinga:1.8.2:*:*:*:*:*:*:*
- cpe:2.3:a:icinga:icinga:1.8.3:*:*:*:*:*:*:*
- cpe:2.3:a:icinga:icinga:1.8.4:*:*:*:*:*:*:*
- cpe:2.3:a:icinga:icinga:1.9.0:*:*:*:*:*:*:*
- cpe:2.3:a:icinga:icinga:1.9.1:*:*:*:*:*:*:*
- cpe:2.3:a:icinga:icinga:1.9.2:*:*:*:*:*:*:*
- cpe:2.3:a:icinga:icinga:1.9.3:*:*:*:*:*:*:*
- cpe:2.3:a:icinga:icinga:1.9.4:*:*:*:*:*:*:*
- cpe:2.3:a:icinga:icinga:1.10.0:*:*:*:*:*:*:*
- cpe:2.3:a:icinga:icinga:1.10.1:*:*:*:*:*:*:*
- cpe:2.3:a:icinga:icinga:1.10.2:*:*:*:*:*:*:*
cpe:2.3:a:nagios:nagios:*:rc1:*:*:*:*:*:*+ 5 more
- cpe:2.3:a:nagios:nagios:*:rc1:*:*:*:*:*:*range: <=4.0.3
- cpe:2.3:a:nagios:nagios:4.0.0:beta1:*:*:*:*:*:*
- cpe:2.3:a:nagios:nagios:4.0.0:beta2:*:*:*:*:*:*
- cpe:2.3:a:nagios:nagios:4.0.0:beta3:*:*:*:*:*:*
- cpe:2.3:a:nagios:nagios:4.0.0:beta4:*:*:*:*:*:*
- cpe:2.3:a:nagios:nagios:4.0.2:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
7- dev.icinga.org/issues/5434nvdPatch
- secunia.com/advisories/57024nvdVendor Advisory
- lists.opensuse.org/opensuse-updates/2014-04/msg00033.htmlnvd
- www.securityfocus.com/bid/65605nvd
- bugzilla.redhat.com/show_bug.cginvd
- lists.debian.org/debian-lts-announce/2018/12/msg00014.htmlnvd
- www.icinga.org/2014/02/11/bugfix-releases-1-10-3-1-9-5-1-8-6nvd
News mentions
0No linked articles in our index yet.