CNNVD-202510-2319 Information
CNNVD ID
CNNVD-202510-2319
Related CVE
- CNNVD Published: 2025-10-16
Description (Chinese)
Icinga是德国Icinga公司的一套可扩展的服务器、网络资源监控系统。 Icinga 2 2.10.0版本至2.15.1之前版本、2.14.7版本和2.13.13版本存在代码问题漏洞,该漏洞源于创建无效引用时可能导致分段错误,任何可访问允许指定筛选表达式API端点的API用户均可利用此漏洞使Icinga 2守护进程崩溃。
Description (English)
Icinga is an extended set of servers and network resource monitoring systems for Icinga in Germany. There is a code problem loophole between Icinga Version 2.10.0 and previous versions 2.15.0.1, Versions 2.14.7 and 2.13.13, which stems from the fact that creating invalid references could lead to a break-up error, which can be used by any API user who can access the API endpoint of the filter expression API to bring down the Icinga 2 daemon.
Hazard Level
High
Vulnerability Type
代码问题
Affected Vendor
Icinga
Published
2025-10-16
Last Modified
2026-02-24
References
https://github.com/Icinga/icinga2/pull/6521 https://github.com/Icinga/icinga2/security/advisories/GHSA-v9jg-xqhj-f43g https://icinga.com/blog/releasing-icinga-2-v2-15-1-2-14-7-and-2-13-13-and-icinga-db-web-v1-2-3-and-1-1-4
Patch
https://icinga.com/docs/icinga-2/latest/doc/01-about/
Share on: