Keepalived
CVE-2018-19115
CRITICAL
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
keepalived before 2.0.7 has a heap-based buffer overflow when parsing HTTP status codes resulting in DoS or possibly unspecified other impact, because extract_status_code in lib/html.c has no validation of the status code and instead writes an unlimited amount of data to the heap.
AnalysisAI
keepalived before 2.0.7 has a heap-based buffer overflow when parsing HTTP status codes resulting in DoS or possibly unspecified other impact, because extract_status_code in lib/html.c has no. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.
Technical ContextAI
This vulnerability is classified as Out-of-bounds Write (CWE-787), which allows attackers to write data beyond allocated buffer boundaries leading to code execution or crashes. keepalived before 2.0.7 has a heap-based buffer overflow when parsing HTTP status codes resulting in DoS or possibly unspecified other impact, because extract_status_code in lib/html.c has no validation of the status code and instead writes an unlimited amount of data to the heap. Affected products include: Keepalived, Debian Debian Linux, Redhat Enterprise Linux Server, Redhat Enterprise Linux Server Aus, Redhat Enterprise Linux Server Eus. Version information: before 2.0.7.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Validate write boundaries, use memory-safe languages, enable compiler protections (ASLR, stack canaries).
More in Keepalived
View allkeepalived 2.0.8 used mode 0666 when creating new temporary files upon a call to PrintData or PrintStats, potentially le
keepalived 2.0.8 didn't check for pathnames with symlinks when writing data to a temporary file upon a call to PrintData
In Keepalived through 2.2.4, the D-Bus policy does not sufficiently restrict the message destination, allowing any user
keepalived 2.0.8 didn't check for existing plain files when writing data to a temporary file upon a call to PrintData or
Same weakness CWE-787 – Out-of-bounds Write
View allSame technique Memory Corruption
View allShare
External POC / Exploit Code
Leaving vuln.today