Note: This project will be discontinued after December 13, 2021.
2018-11-08
keepalived before 2.0.7 has a heap-based buffer overflow when parsing HTTP status codes, resulting in a denial of service or possibly other unspecified impact, because extract_status_code in lib/html.c performs no validation of the status code field and instead writes an unbounded amount of data to the heap.
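The bug class described above, as an added illustration written for this entry and not taken from keepalived (the real extract_status_code in lib/html.c is not reproduced here): a minimal Status-Line parser in two forms. The unsafe form copies the status-code field into a buffer sized for "NNN\0" without comparing the field length to that size, which is the "unbounded write" pattern; the hardened form enforces the RFC 7230 rule that a Status-Code is exactly three digits and never copies the attacker-controlled field at all. The helper names, the canary arena harness and the sample response lines are all constructed for this example.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* RFC 7230 section 3.1.2: Status-Line = HTTP-Version SP Status-Code SP Reason-Phrase CRLF,
 * and Status-Code = 3DIGIT. A well-formed code therefore never needs more than 4 bytes. */
#define STATUS_CODE_LEN 3

/* Locate the Status-Code field (the bytes between the first and second SP).
 * Sets *field and returns the field length, or -1 if there is no such field.
 * Hypothetical helper written for this example, shared by both parsers. */
static long find_status_field(const char *line, size_t len, const char **field)
{
    const char *end = line + len;
    const char *p = memchr(line, ' ', len);
    if (p == NULL || p + 1 >= end)
        return -1;
    p++;                                     /* first byte after the SP */
    const char *q = memchr(p, ' ', (size_t)(end - p));
    if (q == NULL)
        q = end;                             /* no Reason-Phrase: field runs to end */
    *field = p;
    return (long)(q - p);
}

/* Unsafe pattern (constructed, not keepalived's code): the caller supplies a
 * buffer sized for "NNN\0"; the field is copied without comparing its length
 * to that size, so an over-long field is written straight past the end. */
long extract_status_code_unsafe(const char *line, size_t len, char *code_buf)
{
    const char *field;
    long n = find_status_field(line, len, &field);
    if (n < 0)
        return -1;
    memcpy(code_buf, field, (size_t)n);      /* BUG: n is never checked against the buffer size */
    code_buf[n] = '\0';
    return strtol(code_buf, NULL, 10);
}

/* Hardened version: accept exactly three ASCII digits and nothing else, and
 * parse in place so nothing attacker-controlled is ever copied. Returns the
 * numeric code, or -1 for a field that is absent, too short, too long or non-numeric. */
int extract_status_code_safe(const char *line, size_t len)
{
    const char *field;
    long n = find_status_field(line, len, &field);
    if (n != STATUS_CODE_LEN)
        return -1;
    int code = 0;
    for (int i = 0; i < STATUS_CODE_LEN; i++) {
        if (!isdigit((unsigned char)field[i]))
            return -1;
        code = code * 10 + (field[i] - '0');
    }
    return code;
}

/* Demonstration harness (constructed): the 4-byte "allocation" sits at the start
 * of a larger canary-filled array, so the overrun is measurable without
 * corrupting the real heap. Returns how many canary bytes beyond the 4-byte
 * buffer the unsafe parser overwrote (0 means the input fit), or (size_t)-1 if
 * the line is too long for the measurement itself to stay in bounds. */
size_t unsafe_overrun_bytes(const char *line, size_t len)
{
    enum { ARENA = 256, BUF = STATUS_CODE_LEN + 1 };
    unsigned char arena[ARENA];
    if (len + 1 > ARENA)
        return (size_t)-1;
    memset(arena, 0xAA, sizeof arena);
    extract_status_code_unsafe(line, len, (char *)arena);
    size_t clobbered = 0;
    for (size_t i = BUF; i < ARENA; i++)
        if (arena[i] != 0xAA)
            clobbered++;
    return clobbered;
}

int main(void)
{
    /* Constructed sample responses: one well-formed, one carrying a 20-byte
     * "status code" of the kind a hostile HTTP server can send. */
    const char good[] = "HTTP/1.1 200 OK\r\n";
    const char evil[] = "HTTP/1.1 99999999999999999999 OK\r\n";

    printf("safe(good) = %d\n", extract_status_code_safe(good, strlen(good)));
    printf("safe(evil) = %d\n", extract_status_code_safe(evil, strlen(evil)));
    printf("unsafe(evil) wrote %zu bytes past its 4-byte buffer\n",
           unsafe_overrun_bytes(evil, strlen(evil)));
    return 0;
}
```

The point of the harness is that the overrun size is entirely under the remote server's control: the unsafe parser writes field-length-plus-one bytes wherever the 4-byte buffer happens to live, which on a real heap means adjacent allocator metadata or neighbouring objects. The hardened parser removes the copy rather than just bounding it, so there is no buffer left to overrun.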
Products | Debian_linux, Keepalived, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_eus, Enterprise_linux_server_tus, Enterprise_linux_workstation |
Type | Out-of-bounds Write (CWE-787) |
First patch | None (likely due to unavailable code) |
Links |
• https://github.com/acassen/keepalived/pull/961/commits/f28015671a4b04785859d1b4b1327b367b6a10e9
• https://github.com/acassen/keepalived/pull/961
• https://usn.ubuntu.com/3995-1/
• https://usn.ubuntu.com/3995-2/
• https://security.gentoo.org/glsa/201903-01 |