On 2026-07-01 15:36:00, Holger Weiß wrote:
> We released Monitoring Plugins 3.0.1, which fixes a security issue in
> the check_icmp plugin.
>
> ...
>
> A local user can trigger a heap buffer overflow in check_icmp by
> supplying more than 65535 target hosts, which overflows an internal
> counter. This happens before check_icmp drops its privileges, so the
> corruption occurs while still running as root on setuid-root
> installations.

If anyone was wondering, nagios-plugins has the same problem. Fix: https://github.com/nagios-plugins/nagios-plugins/pull/833
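
Added example, not part of the original message and not code from either plugin project: a sketch of the bug class described in the quoted advisory, with a counter that wraps next to an add routine that fails closed. It assumes the counter is a 16-bit unsigned type (inferred from the 65535 threshold); the struct and function names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
/* Hypothetical target list; names are illustrative, not check_icmp's own. */
struct target_list {
    uint16_t count;     /* assumed 16-bit counter: wraps after 65535 */
    size_t   capacity;  /* slots actually allocated */
    int     *slots;     /* stand-in for per-host state */
};

/* Unchecked increment, shown only to make the wrap visible (65535 + 1 -> 0). */
static uint16_t wrapped_count(unsigned long hosts)
{
    uint16_t n = 0;
    for (unsigned long i = 0; i < hosts; i++)
        n++;
    return n;
}

/* Hardened add: reject before the counter can wrap, so count never lies. */
static int target_add(struct target_list *tl, int value)
{
    if (tl->count == UINT16_MAX)
        return -1;                       /* too many targets: fail closed */
    if (tl->count == tl->capacity) {     /* capacity tops out at 65536 ints */
        size_t ncap = tl->capacity ? tl->capacity * 2 : 16;
        int *p = realloc(tl->slots, ncap * sizeof(*p));
        if (!p)
            return -1;
        tl->slots = p;
        tl->capacity = ncap;
    }
    tl->slots[tl->count++] = value;      /* index is always < capacity */
    return 0;
}

/* Tries to add `hosts` entries; returns how many were accepted. */
static unsigned long add_many(unsigned long hosts)
{
    struct target_list tl = {0};
    unsigned long ok = 0;
    for (unsigned long i = 0; i < hosts; i++)
        if (target_add(&tl, (int)i) == 0)
            ok++;
    free(tl.slots);
    return ok;
}

int main(void) { printf("wrapped=%u accepted=%lu\n", (unsigned)wrapped_count(65540), add_many(70000)); return 0; }
```

Any buffer sized from the wrapped value would be far smaller than the number of hosts actually supplied; the checked version stops at the type's limit instead.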
