Описание
keepalived before 2.0.7 has a heap-based buffer overflow when parsing HTTP status codes resulting in DoS or possibly unspecified other impact, because extract_status_code in lib/html.c has no validation of the status code and instead writes an unlimited amount of data to the heap.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | released | 1:1.3.9-1ubuntu0.18.04.2 |
| cosmic | released | 1:1.3.9-1ubuntu1.1 |
| devel | not-affected | 1:2.0.10-1 |
| disco | not-affected | 1:2.0.10-1 |
| esm-infra-legacy/trusty | released | 1:1.2.7-1ubuntu1+esm1 |
| esm-infra/bionic | released | 1:1.3.9-1ubuntu0.18.04.2 |
| esm-infra/xenial | released | 1:1.2.24-1ubuntu0.16.04.2 |
| precise/esm | not-affected | 1:1.2.2-3ubuntu1.2 |
| trusty | ignored | end of standard support |
| trusty/esm | released | 1:1.2.7-1ubuntu1+esm1 |
Показывать по
EPSS
7.5 High
CVSS2
9.8 Critical
CVSS3
Связанные уязвимости
keepalived before 2.0.7 has a heap-based buffer overflow when parsing HTTP status codes resulting in DoS or possibly unspecified other impact, because extract_status_code in lib/html.c has no validation of the status code and instead writes an unlimited amount of data to the heap.
keepalived before 2.0.7 has a heap-based buffer overflow when parsing HTTP status codes resulting in DoS or possibly unspecified other impact, because extract_status_code in lib/html.c has no validation of the status code and instead writes an unlimited amount of data to the heap.
keepalived before 2.0.7 has a heap-based buffer overflow when parsing ...
keepalived before 2.0.7 has a heap-based buffer overflow when parsing HTTP status codes resulting in DoS or possibly unspecified other impact, because extract_status_code in lib/html.c has no validation of the status code and instead writes an unlimited amount of data to the heap.
EPSS
7.5 High
CVSS2
9.8 Critical
CVSS3