| keepalived prima 2.0.7 ha un overflow del buffer di heap-based quando i codici di stato parsing di HTTP in DoS o, eventualmente, non specificato altro impatto, perché extract_status_code in lib / html.c ha alcuna validazione del codice di stato e invece scrive una quantità illimitata di dati mucchio. |
| https://security.gentoo.org/glsa/201903-01 https://bugzilla.suse.com/show_bug.cgi?id=1015141 https://github.com/acassen/keepalived/pull/961 https://github.com/acassen/keepalived/pull/961/commits/f28015671a4b04785859d1b4b1327b367b6a10e9 https://lists.debian.org/debian-lts-announce/2018/11/msg00034.html https://access.redhat.com/errata/RHSA-2019:0022 https://access.redhat.com/errata/RHSA-2019:1792 https://access.redhat.com/errata/RHSA-2019:1945 https://usn.ubuntu.com/3995-1/ https://usn.ubuntu.com/3995-2/ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19115 |
Vulnerabilità: CVE-2018-19115
