Description
Tildeslash Monit Version 5.25.2 and earlier is affected by: Buffer Over-read. The impact is: Disclosure of memory contents in an HTTP response, and Denial of Service. The component is: In function Util_urlDecode() on lines 1553-1563 in Monit/src/util.c, a crafted POST parameter can cause the buffer index to increment to a value greater than the length of the buffer. The attack vector is: An authenticated remote attacker can exploit the vulnerability by sending an HTTP POST request that contains a maliciously crafted body parameter. The fixed version is: Version 5.25.3 and later.
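The over-read class described above, seen from the defensive side in an added example (not Monit's code and not the upstream fix): an in-place percent-decoder whose read index can never pass the terminating NUL. Rejecting truncated or malformed escapes is an assumption about how such a decoder over-runs its buffer, not a detail taken from this entry; `url_decode_checked` and `hex_val` are hypothetical names.

```c
#include <stdio.h>

/* Value of one hex digit, or -1 if c is not a hex digit (NUL included). */
static int hex_val(unsigned char c) {
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

/*
 * Decode application/x-www-form-urlencoded text in place (hypothetical helper).
 * Returns the decoded length, or -1 if a '%' escape is truncated or malformed.
 * Invariant: r only advances over bytes already verified to be non-NUL, so it
 * cannot move beyond the end of the string. On error the buffer is left as a
 * valid NUL-terminated string holding what was decoded so far.
 */
long url_decode_checked(char *s) {
    size_t r = 0, w = 0;                 /* read and write indices, w <= r */
    while (s[r] != '\0') {
        if (s[r] == '+') {
            s[w++] = ' ';
            r++;
        } else if (s[r] == '%') {
            /* s[r+2] is read only after s[r+1] proved to be a hex digit,
               so neither lookup reads past the terminator. */
            int hi = hex_val((unsigned char)s[r + 1]);
            int lo = hi < 0 ? -1 : hex_val((unsigned char)s[r + 2]);
            if (hi < 0 || lo < 0) { s[w] = '\0'; return -1; }
            s[w++] = (char)(hi * 16 + lo);
            r += 3;                      /* '%' plus two verified digits */
        } else {
            s[w++] = s[r++];
        }
    }
    s[w] = '\0';
    return (long)w;
}

int main(void) {
    /* Constructed inputs: one well-formed, two with escapes cut short. */
    char ok[] = "a%20b+c", cut1[] = "abc%", cut2[] = "abc%4";
    printf("%ld %ld %ld\n", url_decode_checked(ok),
           url_decode_checked(cut1), url_decode_checked(cut2));
    return 0;
}
```

A caller that treats the result as a C string should also decide how to handle a decoded `%00`, since the returned length then exceeds what `strlen` reports.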
References
- https://nvd.nist.gov/vuln/detail/CVE-2019-1010312
- https://bitbucket.org/tildeslash/monit/commits/f12d0cdb42d4e74dffe1525d4062c815c48ac57a
- https://bitbucket.org/tildeslash/monit/src/e9e458ae169c1155cdcd9ca956c0cb4b8d5614f9/CHANGES?at=master&fileviewer=file-view-default
- https://github.com/dzflack/exploits/blob/master/unix/monit_buffer_overread.py
CVE ID
Related vulnerabilities
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2019-11455. Reason: This candidate is a reservation duplicate of CVE-2019-11455. Notes: All CVE users should reference CVE-2019-11455 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage