{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2018-11-08T00:00:00", "descriptions": [{"lang": "en", "value": "keepalived before 2.0.7 has a heap-based buffer overflow when parsing HTTP status codes resulting in DoS or possibly unspecified other impact, because extract_status_code in lib/html.c has no validation of the status code and instead writes an unlimited amount of data to the heap."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-07-30T12:06:07", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "GLSA-201903-01", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/201903-01"}, {"name": "[debian-lts-announce] 20181126 [SECURITY] [DLA-1589-1] keepalived security update", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00034.html"}, {"tags": ["x_refsource_MISC"], "url": "https://bugzilla.suse.com/show_bug.cgi?id=1015141"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/acassen/keepalived/pull/961/commits/f28015671a4b04785859d1b4b1327b367b6a10e9"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/acassen/keepalived/pull/961"}, {"name": "RHSA-2019:0022", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2019:0022"}, {"name": "USN-3995-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/3995-1/"}, {"name": "USN-3995-2", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/3995-2/"}, {"name": "RHSA-2019:1792", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2019:1792"}, {"name": "RHSA-2019:1945", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2019:1945"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-19115", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "keepalived before 2.0.7 has a heap-based buffer overflow when parsing HTTP status codes resulting in DoS or possibly unspecified other impact, because extract_status_code in lib/html.c has no validation of the status code and instead writes an unlimited amount of data to the heap."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "GLSA-201903-01", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201903-01"}, {"name": "[debian-lts-announce] 20181126 [SECURITY] [DLA-1589-1] keepalived security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00034.html"}, {"name": "https://bugzilla.suse.com/show_bug.cgi?id=1015141", "refsource": "MISC", "url": "https://bugzilla.suse.com/show_bug.cgi?id=1015141"}, {"name": "https://github.com/acassen/keepalived/pull/961/commits/f28015671a4b04785859d1b4b1327b367b6a10e9", "refsource": "MISC", "url": "https://github.com/acassen/keepalived/pull/961/commits/f28015671a4b04785859d1b4b1327b367b6a10e9"}, {"name": "https://github.com/acassen/keepalived/pull/961", "refsource": "MISC", "url": "https://github.com/acassen/keepalived/pull/961"}, {"name": "RHSA-2019:0022", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:0022"}, {"name": "USN-3995-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3995-1/"}, {"name": "USN-3995-2", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3995-2/"}, {"name": "RHSA-2019:1792", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:1792"}, {"name": "RHSA-2019:1945", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:1945"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T11:30:04.087Z"}, "title": "CVE Program Container", "references": [{"name": "GLSA-201903-01", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "https://security.gentoo.org/glsa/201903-01"}, {"name": "[debian-lts-announce] 20181126 [SECURITY] [DLA-1589-1] keepalived security update", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00034.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://bugzilla.suse.com/show_bug.cgi?id=1015141"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/acassen/keepalived/pull/961/commits/f28015671a4b04785859d1b4b1327b367b6a10e9"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/acassen/keepalived/pull/961"}, {"name": "RHSA-2019:0022", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2019:0022"}, {"name": "USN-3995-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/3995-1/"}, {"name": "USN-3995-2", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/3995-2/"}, {"name": "RHSA-2019:1792", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2019:1792"}, {"name": "RHSA-2019:1945", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2019:1945"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-19115", "datePublished": "2018-11-08T20:00:00", "dateReserved": "2018-11-08T00:00:00", "dateUpdated": "2024-08-05T11:30:04.087Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:keepalived:keepalived:*:*:*:*:*:*:*:*", "matchCriteriaId": "D7E17D71-1A1A-45D9-82E7-AA3F771BDF10", "versionEndExcluding": "2.0.7", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "B353CE99-D57C-465B-AAB0-73EF581127D1", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "BF77CDCF-B9C9-427D-B2BF-36650FB2148C", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "B76AA310-FEC7-497F-AF04-C3EC1E76C4CC", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "keepalived before 2.0.7 has a heap-based buffer overflow when parsing HTTP status codes resulting in DoS or possibly unspecified other impact, because extract_status_code in lib/html.c has no validation of the status code and instead writes an unlimited amount of data to the heap."}, {"lang": "es", "value": "keepalived hasta la versi\u00f3n 2.0.8 tiene un desbordamiento de b\u00fafer basado en memoria din\u00e1mica (heap) cuando se analizan los c\u00f3digos de estado HTTP, lo que resulta en una denegaci\u00f3n de servicio (DoS) o, posiblemente, en otro impacto indeterminado, debido a que extract_status_code en lib/html.c no tiene ninguna validaci\u00f3n del c\u00f3digo de estado y, en su lugar, escribe una cantidad ilimitada de datos en la memoria din\u00e1mica."}], "id": "CVE-2018-19115", "lastModified": "2020-08-24T17:37:01.140", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-11-08T20:29:00.573", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2019:0022"}, {"source": "cve@mitre.org", "url": "https://access.redhat.com/errata/RHSA-2019:1792"}, {"source": "cve@mitre.org", "url": "https://access.redhat.com/errata/RHSA-2019:1945"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://bugzilla.suse.com/show_bug.cgi?id=1015141"}, {"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/acassen/keepalived/pull/961"}, {"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/acassen/keepalived/pull/961/commits/f28015671a4b04785859d1b4b1327b367b6a10e9"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00034.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/201903-01"}, {"source": "cve@mitre.org", "url": "https://usn.ubuntu.com/3995-1/"}, {"source": "cve@mitre.org", "url": "https://usn.ubuntu.com/3995-2/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2019:0022", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "keepalived-0:1.3.5-8.el7_6", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2019-01-03T00:00:00Z"}, {"advisory": "RHSA-2019:1945", "cpe": "cpe:/o:redhat:rhel_eus:7.4", "package": "keepalived-0:1.3.5-1.el7_4.1", "product_name": "Red Hat Enterprise Linux 7.4 Extended Update Support", "release_date": "2019-07-30T00:00:00Z"}, {"advisory": "RHSA-2019:1792", "cpe": "cpe:/o:redhat:rhel_eus:7.5", "package": "keepalived-0:1.3.5-7.el7_5.2", "product_name": "Red Hat Enterprise Linux 7.5 Extended Update Support", "release_date": "2019-07-16T00:00:00Z"}], "bugzilla": {"description": "keepalived: Heap-based buffer overflow when parsing HTTP status codes allows for denial of service or possibly arbitrary code execution", "id": "1651871", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1651871"}, "csaw": false, "cvss3": {"cvss3_base_score": "8.1", "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "status": "verified"}, "cwe": "CWE-122", "details": ["keepalived before 2.0.7 has a heap-based buffer overflow when parsing HTTP status codes resulting in DoS or possibly unspecified other impact, because extract_status_code in lib/html.c has no validation of the status code and instead writes an unlimited amount of data to the heap.", "Heap-based buffer overflow vulnerability in extract_status_code() function in lib/html.c that parses HTTP status code returned from web server allows malicious web server or man-in-the-middle attacker pretending to be a web server to cause either a denial of service or potentially execute arbitrary code on keepalived load balancer."], "name": "CVE-2018-19115", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Will not fix", "package_name": "keepalived", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "keepalived", "product_name": "Red Hat Enterprise Linux 8"}], "public_date": "2018-11-08T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2018-19115\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-19115"], "statement": "This issue affects the versions of keepalived as shipped with Red Hat Enterprise Linux 6 and 7.\nRed Hat Enterprise Linux 6 is now in Maintenance Support 2 Phase of the support and maintenance life cycle. This has been rated as having a security impact of Important, and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.", "threat_severity": "Important", "upstream_fix": "keepalived 2.0.9"}