Icinga 2 Null Pointer Dereference Vulnerability Leading to Denial-of-Service

Vulnerability

A denial-of-service vulnerability has been identified in Icinga 2, affecting versions from 2.10.0 up to, but not including, 2.15.1, 2.14.7, and 2.13.13. The issue arises when an API user creates an invalid reference, such as one pointing to null; the application then dereferences it and crashes with a segmentation fault. Any API user with access to an endpoint that accepts filter expressions can trigger the flaw and crash the Icinga 2 daemon.

Impact

Exploitation of this vulnerability causes a segmentation fault, crashing the Icinga 2 daemon.

Remediation

Users can upgrade to Icinga 2 versions 2.15.1, 2.14.7, or 2.13.13 to address this vulnerability. After upgrading, check that the logrotate configuration file has been updated properly.
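
A branch-aware check of installed versions against the ranges stated above, as an added example (not code from this advisory or from the Icinga project). The host names and version strings are constructed, and treating branches newer than 2.15 as fixed is an assumption the page does not state.

```python
import re

# Fixed patch level per branch, taken from the advisory text above.
FIXED = {(2, 13): 13, (2, 14): 7, (2, 15): 1}
FIRST_AFFECTED = (2, 10, 0)


def parse_version(text):
    """Extract (major, minor, patch) from strings such as 'r2.14.6-1' or 'v2.15.0'."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"no version found in {text!r}")
    return tuple(int(p) for p in m.groups())


def is_affected(text):
    """True if the version falls inside the advisory's affected range."""
    version = parse_version(text)
    if version < FIRST_AFFECTED:
        return False  # predates the affected range
    branch = version[:2]
    if branch in FIXED:
        return version[2] < FIXED[branch]
    # 2.10 to 2.12 have no fixed release listed, so they stay affected.
    # Assumption: branches newer than 2.15 already carry the fix.
    return branch < (2, 13)


def triage(inventory):
    """Return the sorted host names whose reported version is affected."""
    return sorted(host for host, ver in inventory.items() if is_affected(ver))


# Constructed inventory: host name -> version string as a package manager
# or version banner might report it.
INVENTORY = {
    "mon-a": "r2.14.6-1",
    "mon-b": "v2.15.1",
    "mon-c": "2.12.3",
    "mon-d": "(version: r2.13.13-1)",
    "mon-e": "2.9.2",
}

if __name__ == "__main__":
    for host in triage(INVENTORY):
        print(f"{host}: upgrade required ({INVENTORY[host]})")
```

Because the comparison is per branch, a host on 2.14.6 is flagged even though 2.14.6 sorts above the fixed 2.13.13.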

Added: Oct 16, 2025, 6:24 PM
Updated: Oct 16, 2025, 6:24 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 2.5
exploitability: 5.2
remediation: 7.7
relevance: 0.8
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.