qh_echo in Nagios Core 4.4.1 and earlier is prone to a NULL pointer dereference vulnerability, which allows attackers to cause a local denial-of-service condition by sending a crafted payload to the listening UNIX socket.
The product dereferences a pointer that it expects to be valid but is NULL.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Nagios_core | Nagios | * | 4.4.1 (including) |
Nagios4 | Ubuntu | cosmic | * |