VDB
GCVE-110-MAGEIA-2020-247
GCVE-110-MAGEIA-2020-247
Advisory Published
Updated nrpe packages fix security vulnerabilities:
Nagios NRPE 3.2.1 has Insufficient Filtering because, for example,
nasty_metachars interprets \n as the character \ and the character n
(not as the \n newline sequence). This can cause command injection
(CVE-2020-6581).
Nagios NRPE 3.2.1 has a Heap-Based Buffer Overflow, as demonstrated by
interpretation of a small negative number as a large positive number
during a bzero call (CVE-2020-6582).
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| Mageia | xfsprogs | 0 (affected), 5.10.0-1.mga7 (unaffected) | — |
| Mageia | inih | 0 (affected), 52-1.mga7 (unaffected) | — |
| Mageia | nrpe | 3.2.1-3.2.mga7 (unaffected), 0 (affected), 3.2.1-3.2.mga7 (unaffected), 0 (affected) | — |
Aliases
References
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.