A flaw was found in Nagios Core version 4.4.1 and earlier. The qh_echo function is prone to a NULL pointer dereference vulnerability, which allows attacker to cause a local denial-of-service condition by sending a crafted payload to the listening UNIX socket.
Created nagios tracking bugs for this issue:
Affects: epel-all [bug 1665207]
Affects: fedora-all [bug 1665206]
This vulnerability is out of security support scope for the following product:
* Red Hat Mobile Application Platform
Please refer to https://access.redhat.com/support/policy/updates/rhmap for more details
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):