Back to search
CVE-2018-19115
Published: Nov 8, 2018
Modified: Aug 5, 2024
PUBLISHED
Description
keepalived before 2.0.7 has a heap-based buffer overflow when parsing HTTP status codes resulting in DoS or possibly unspecified other impact, because extract_status_code in lib/html.c has no validation of the status code and instead writes an unlimited amount of data to the heap.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
GLSA-201903-01
vendor-advisory
x_refsource_GENTOO
[debian-lts-announce] 20181126 [SECURITY] [DLA-1589-1] keepalived security update
mailing-list
x_refsource_MLIST
https://bugzilla.suse.com/show_bug.cgi?id=1015141
x_refsource_MISC
https://github.com/acassen/keepalived/pull/961
x_refsource_MISC
RHSA-2019:0022
vendor-advisory
x_refsource_REDHAT
USN-3995-1
vendor-advisory
x_refsource_UBUNTU
USN-3995-2
vendor-advisory
x_refsource_UBUNTU
RHSA-2019:1792
vendor-advisory
x_refsource_REDHAT
RHSA-2019:1945
vendor-advisory
x_refsource_REDHAT
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now