{"id":"USN-7250-1","summary":"netdata vulnerabilities","details":"It was discovered that Netdata incorrectly handled parsing JSON input,\nwhich could lead to a JSON injection. An attacker could possibly use\nthis issue to execute arbitrary code. This issue only affected \nUbuntu 18.04 LTS. (CVE-2018-18836)\n\nIt was discovered that Netdata incorrectly handled parsing HTTP headers,\nwhich could lead to a HTTP header injection. An attacker could possibly\nuse this issue to cause a denial of service or leak sensitive information.\nThis issue only affected Ubuntu 18.04 LTS. (CVE-2018-18837)\n\nIt was discovered that Netdata incorrectly handled parsing URLs, which\ncould lead to a log injection. An attacker could possibly use this issue\nto consume system resources, resulting in a denial of service. This issue\nonly affected Ubuntu 18.04 LTS. (CVE-2018-18838)\n\nIt was discovered Netdata improperly authenticated API keys. An attacker\ncould possibly use this issue to leak sensitive information or execute\narbitrary code. This issue only affected Ubuntu 20.04 LTS and \nUbuntu 22.04 LTS. (CVE-2023-22497)\n\nIt was discovered Fluent Bit, vendored in Netdata, incorrectly handled\nparsing HTTP payloads. An attacker could possibly use this issue to\ndisrupt logging. This issue only affected Ubuntu 24.10. (CVE-2024-23722)\n\nIt was discovered that WebAssembly Micro Runtime, vendored in Netdata,\nincorrectly handled memory. An attacker could possibly use this issue to\ncause a denial of service. This issue only affected Ubuntu 24.10.\n(CVE-2024-34250, CVE-2024-34251)\n","modified":"2026-02-28T05:58:55.769785Z","published":"2025-02-03T05:37:36Z","related":["UBUNTU-CVE-2018-18836","UBUNTU-CVE-2018-18837","UBUNTU-CVE-2018-18838","UBUNTU-CVE-2023-22497"],"upstream":["CVE-2018-18836","CVE-2018-18837","CVE-2018-18838","CVE-2023-22497","CVE-2024-23722","UBUNTU-CVE-2018-18836","UBUNTU-CVE-2018-18837","UBUNTU-CVE-2018-18838","UBUNTU-CVE-2023-22497","UBUNTU-CVE-2024-23722","UBUNTU-CVE-2024-34250","UBUNTU-CVE-2024-34251"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-7250-1"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2018-18836"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2018-18837"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2018-18838"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2023-22497"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2024-23722"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2024-34250"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2024-34251"}],"affected":[{"package":{"name":"netdata","ecosystem":"Ubuntu:Pro:18.04:LTS","purl":"pkg:deb/ubuntu/netdata@1.9.0+dfsg-1ubuntu0.1~esm1?arch=source&distro=esm-apps/bionic"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.9.0+dfsg-1ubuntu0.1~esm1"}]}],"versions":["1.7.0+dfsg-1","1.8.0+dfsg-1","1.9.0+dfsg-1"],"ecosystem_specific":{"availability":"Available with Ubuntu Pro: https://ubuntu.com/pro","binaries":[{"binary_name":"netdata","binary_version":"1.9.0+dfsg-1ubuntu0.1~esm1"},{"binary_name":"netdata-data","binary_version":"1.9.0+dfsg-1ubuntu0.1~esm1"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-7250-1.json","cves_map":{"cves":[{"id":"CVE-2018-18836","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2018-18837","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2018-18838","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"type":"Ubuntu","score":"medium"}]}],"ecosystem":"Ubuntu:Pro:18.04:LTS"}}},{"package":{"name":"netdata","ecosystem":"Ubuntu:Pro:20.04:LTS","purl":"pkg:deb/ubuntu/netdata@1.19.0-3ubuntu1+esm1?arch=source&distro=esm-apps/focal"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.19.0-3ubuntu1+esm1"}]}],"versions":["1.16.1-2","1.19.0-3ubuntu1"],"ecosystem_specific":{"availability":"Available with Ubuntu Pro: https://ubuntu.com/pro","binaries":[{"binary_name":"netdata","binary_version":"1.19.0-3ubuntu1+esm1"},{"binary_name":"netdata-apache2","binary_version":"1.19.0-3ubuntu1+esm1"},{"binary_name":"netdata-core","binary_version":"1.19.0-3ubuntu1+esm1"},{"binary_name":"netdata-plugins-bash","binary_version":"1.19.0-3ubuntu1+esm1"},{"binary_name":"netdata-plugins-nodejs","binary_version":"1.19.0-3ubuntu1+esm1"},{"binary_name":"netdata-plugins-python","binary_version":"1.19.0-3ubuntu1+esm1"},{"binary_name":"netdata-web","binary_version":"1.19.0-3ubuntu1+esm1"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-7250-1.json","cves_map":{"cves":[{"id":"CVE-2023-22497","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"type":"Ubuntu","score":"medium"}]}],"ecosystem":"Ubuntu:Pro:20.04:LTS"}}},{"package":{"name":"netdata","ecosystem":"Ubuntu:Pro:22.04:LTS","purl":"pkg:deb/ubuntu/netdata@1.33.1-1ubuntu1+esm1?arch=source&distro=esm-apps/jammy"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.33.1-1ubuntu1+esm1"}]}],"versions":["1.29.3-4","1.31.0-4","1.33.1-1ubuntu1"],"ecosystem_specific":{"availability":"Available with Ubuntu Pro: https://ubuntu.com/pro","binaries":[{"binary_name":"netdata","binary_version":"1.33.1-1ubuntu1+esm1"},{"binary_name":"netdata-apache2","binary_version":"1.33.1-1ubuntu1+esm1"},{"binary_name":"netdata-core","binary_version":"1.33.1-1ubuntu1+esm1"},{"binary_name":"netdata-plugins-bash","binary_version":"1.33.1-1ubuntu1+esm1"},{"binary_name":"netdata-plugins-nodejs","binary_version":"1.33.1-1ubuntu1+esm1"},{"binary_name":"netdata-plugins-python","binary_version":"1.33.1-1ubuntu1+esm1"},{"binary_name":"netdata-web","binary_version":"1.33.1-1ubuntu1+esm1"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-7250-1.json","cves_map":{"cves":[{"id":"CVE-2023-22497","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"type":"Ubuntu","score":"medium"}]}],"ecosystem":"Ubuntu:Pro:22.04:LTS"}}}],"schema_version":"1.7.3"}