Stack-based buffer overflow in Icinga - #VU135838

 


Published: June 29, 2026


Vulnerability identifier: #VU135838
CSH Severity: High
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: N/A
CWE-ID: CWE-121
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Icinga
Affected software:
Icinga

Detailed vulnerability description

The vulnerability allows a remote attacker to cause a denial of service.

The vulnerability exists due to a stack-based buffer overflow in the JSON parser when processing deeply nested JSON objects. A remote attacker can send specially crafted JSON input to cause a denial of service.

The affected code is reachable by unauthenticated clients over the network. The possibility of code execution cannot be ruled out, but it has not been demonstrated.
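
A general mitigation for this class of bug, shown as an added example that is not Icinga's code or the vendor's fix: a constant-stack pre-parse check that rejects JSON whose object/array nesting exceeds a limit before the input reaches a parser. The function names and the limit of 64 are assumptions made for this example.

```c
#include <stddef.h>
#include <stdbool.h>

/* Hypothetical limit chosen for this example; not a value from the advisory. */
#define MAX_JSON_DEPTH 64

/*
 * Returns the maximum container nesting depth of buf[0..len), or -1 if the
 * depth exceeds `limit` or a bracket closes below depth 0. Uses a single loop
 * (no recursion), so hostile nesting cannot consume stack in the check itself.
 * Brackets inside string literals are ignored, including after escapes.
 */
long json_max_depth(const char *buf, size_t len, long limit)
{
    long depth = 0, max = 0;
    bool in_string = false;

    for (size_t i = 0; i < len; i++) {
        char c = buf[i];
        if (in_string) {
            if (c == '\\')
                i++;                /* skip the escaped character, e.g. \" */
            else if (c == '"')
                in_string = false;
            continue;
        }
        switch (c) {
        case '"':
            in_string = true;
            break;
        case '{': case '[':
            if (++depth > limit)
                return -1;          /* reject before any real parsing happens */
            if (depth > max)
                max = depth;
            break;
        case '}': case ']':
            if (--depth < 0)
                return -1;          /* unbalanced close */
            break;
        default:
            break;
        }
    }
    return max;
}

/* Accept only input whose nesting stays within MAX_JSON_DEPTH. */
bool json_depth_ok(const char *buf, size_t len)
{
    return json_max_depth(buf, len, MAX_JSON_DEPTH) >= 0;
}
```

Such a check belongs at the network boundary (for example in a reverse proxy or request filter in front of the API) and complements, rather than replaces, the vendor update.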


Remediation

Install the security update from the vendor's website.

Sources