VIR Vulnerability Intelligence Relay

CVE-2013-7106

medium
Published 2014-01-15 ยท Modified 2026-04-29
๐Ÿ’ฌ Discuss on Community โœš Propose mitigation
CVSS v3
โ€”
CVSS v4 NEW
โ€”
not yet in upstream
VIR risk
6.5

Description

Multiple stack-based buffer overflows in Icinga before 1.8.5, 1.9 before 1.9.4, and 1.10 before 1.10.2 allow remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via a long string to the (1) display_nav_table, (2) page_limit_selector, (3) print_export_link, or (4) page_num_selector function in cgi/cgiutils.c; (5) status_page_num_selector function in cgi/status.c; or (6) display_command_expansion function in cgi/config.c. NOTE: this can be exploited without authentication by leveraging CVE-2013-7107.

Predictions

Exploit likelihood
20%
Patch ETA
โ€”

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

No mitigations published for this CVE yet.

The vendor-content worker queues fetches as references arrive (check back in a few minutes). Or โ€” if you've already worked around this in production โ€” publish your fix to the community-verified tier.

โœš Propose a mitigation on Community โ†’ Mitigations published via the community go through AI scoring + 2 human reviewers + 7-day silent objection window before landing here with source_tier=community-verified.

Application impact
VendorProductVersionsFixed
icingaicinga{"endIncluding":"1.8.4"}
icingaicinga0.8.0
icingaicinga0.8.1
icingaicinga0.8.2
icingaicinga0.8.3
icingaicinga0.8.4
icingaicinga1.0
icingaicinga1.0.1
icingaicinga1.0.2
icingaicinga1.0.3
icingaicinga1.2.0
icingaicinga1.2.1
icingaicinga1.3.0
icingaicinga1.3.1
icingaicinga1.4.0
icingaicinga1.4.1
icingaicinga1.6.0
icingaicinga1.6.1
icingaicinga1.6.2
icingaicinga1.7.0
icingaicinga1.7.1
icingaicinga1.7.2
icingaicinga1.7.3
icingaicinga1.7.4
icingaicinga1.8.0
icingaicinga1.8.1
icingaicinga1.8.2
icingaicinga1.8.3
icingaicinga1.9.0
icingaicinga1.9.1
icingaicinga1.9.2
icingaicinga1.9.3
icingaicinga1.10.0
icingaicinga1.10.1

References

CWEs

CWE-119

Community-verified mitigations for this CVE will appear above when contributors publish them.

Verify integrity in audit chain (admin only). AS-IS.