Nagios NRPE 3.2.1 has a Heap-Based Buffer Overflow, as demonstrated by interpretation of a small negative number as a large positive number during a bzero call. Reference: https://herolab.usd.de/security-advisories/usd-2020-0001/
Created nrpe tracking bugs for this issue: Affects: epel-all [bug 1816816] Affects: fedora-all [bug 1816814]
Statement: Nagios is considered deprecated. Nagios plugins and Nagios server are no longer maintained or supported. Refer following release notes for details: "https://access.redhat.com/documentation/en-us/red_hat_gluster_storage/3.5/html-single/3.5_release_notes/index". The older version of nrpe which was shipped with Red Hat Gluster Storage does not support v3 packet format.
External References: https://herolab.usd.de/security-advisories/usd-2020-0001/
Mitigation: There is no known mitigation for this issue, the flaw can only be resolved by applying updates.