1. CVE-Search
  2. CVE-2018-19115
ID CVE-2018-19115
Summary keepalived before 2.0.7 has a heap-based buffer overflow when parsing HTTP status codes resulting in DoS or possibly unspecified other impact, because extract_status_code in lib/html.c has no validation of the status code and instead writes an unlimited amount of data to the heap.
References
Vulnerable Configurations
  • cpe:2.3:a:keepalived:keepalived:0.2.1:*:*:*:*:*:*:*
    cpe:2.3:a:keepalived:keepalived:0.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:keepalived:keepalived:0.2.3:*:*:*:*:*:*:*
    cpe:2.3:a:keepalived:keepalived:0.2.3:*:*:*:*:*:*:*
  • cpe:2.3:a:keepalived:keepalived:0.2.6:*:*:*:*:*:*:*
    cpe:2.3:a:keepalived:keepalived:0.2.6:*:*:*:*:*:*:*
  • cpe:2.3:a:keepalived:keepalived:0.2.7:*:*:*:*:*:*:*
    cpe:2.3:a:keepalived:keepalived:0.2.7:*:*:*:*:*:*:*
  • cpe:2.3:a:keepalived:keepalived:0.3.5:*:*:*:*:*:*:*
    cpe:2.3:a:keepalived:keepalived:0.3.5:*:*:*:*:*:*:*
  • cpe:2.3:a:keepalived:keepalived:0.3.6:*:*:*:*:*:*:*
    cpe:2.3:a:keepalived:keepalived:0.3.6:*:*:*:*:*:*:*
  • cpe:2.3:a:keepalived:keepalived:0.3.7:*:*:*:*:*:*:*
    cpe:2.3:a:keepalived:keepalived:0.3.7:*:*:*:*:*:*:*
  • cpe:2.3:a:keepalived:keepalived:0.3.8:*:*:*:*:*:*:*
    cpe:2.3:a:keepalived:keepalived:0.3.8:*:*:*:*:*:*:*
  • cpe:2.3:a:keepalived:keepalived:0.4.8:*:*:*:*:*:*:*
    cpe:2.3:a:keepalived:keepalived:0.4.8:*:*:*:*:*:*:*
  • cpe:2.3:a:keepalived:keepalived:0.4.9:*:*:*:*:*:*:*
    cpe:2.3:a:keepalived:keepalived:0.4.9:*:*:*:*:*:*:*
  • cpe:2.3:a:keepalived:keepalived:0.5.3:*:*:*:*:*:*:*
    cpe:2.3:a:keepalived:keepalived:0.5.3:*:*:*:*:*:*:*
  • cpe:2.3:a:keepalived:keepalived:0.5.5:*:*:*:*:*:*:*
    cpe:2.3:a:keepalived:keepalived:0.5.5:*:*:*:*:*:*:*
  • cpe:2.3:a:keepalived:keepalived:0.5.6:*:*:*:*:*:*:*
    cpe:2.3:a:keepalived:keepalived:0.5.6:*:*:*:*:*:*:*
  • cpe:2.3:a:keepalived:keepalived:0.5.7:*:*:*:*:*:*:*
    cpe:2.3:a:keepalived:keepalived:0.5.7:*:*:*:*:*:*:*
  • cpe:2.3:a:keepalived:keepalived:0.5.8:*:*:*:*:*:*:*
    cpe:2.3:a:keepalived:keepalived:0.5.8:*:*:*:*:*:*:*
  • cpe:2.3:a:keepalived:keepalived:0.5.9:*:*:*:*:*:*:*
    cpe:2.3:a:keepalived:keepalived:0.5.9:*:*:*:*:*:*:*
  • cpe:2.3:a:keepalived:keepalived:0.6.1:*:*:*:*:*:*:*
    cpe:2.3:a:keepalived:keepalived:0.6.1:*:*:*:*:*:*:*
  • cpe:2.3:a:keepalived:keepalived:0.6.2:*:*:*:*:*:*:*
    cpe:2.3:a:keepalived:keepalived:0.6.2:*:*:*:*:*:*:*
  • cpe:2.3:a:keepalived:keepalived:0.6.3:*:*:*:*:*:*:*
    cpe:2.3:a:keepalived:keepalived:0.6.3:*:*:*:*:*:*:*
  • cpe:2.3:a:keepalived:keepalived:0.6.4:*:*:*:*:*:*:*
    cpe:2.3:a:keepalived:keepalived:0.6.4:*:*:*:*:*:*:*
  • cpe:2.3:a:keepalived:keepalived:0.6.5:*:*:*:*:*:*:*
    cpe:2.3:a:keepalived:keepalived:0.6.5:*:*:*:*:*:*:*
  • cpe:2.3:a:keepalived:keepalived:0.6.6:*:*:*:*:*:*:*
    cpe:2.3:a:keepalived:keepalived:0.6.6:*:*:*:*:*:*:*
  • cpe:2.3:a:keepalived:keepalived:0.6.7:*:*:*:*:*:*:*
    cpe:2.3:a:keepalived:keepalived:0.6.7:*:*:*:*:*:*:*
  • cpe:2.3:a:keepalived:keepalived:0.6.8:*:*:*:*:*:*:*
    cpe:2.3:a:keepalived:keepalived:0.6.8:*:*:*:*:*:*:*
  • cpe:2.3:a:keepalived:keepalived:0.6.9:*:*:*:*:*:*:*
    cpe:2.3:a:keepalived:keepalived:0.6.9:*:*:*:*:*:*:*
  • cpe:2.3:a:keepalived:keepalived:0.6.10:*:*:*:*:*:*:*
    cpe:2.3:a:keepalived:keepalived:0.6.10:*:*:*:*:*:*:*
  • cpe:2.3:a:keepalived:keepalived:0.7.1:*:*:*:*:*:*:*
    cpe:2.3:a:keepalived:keepalived:0.7.1:*:*:*:*:*:*:*
  • cpe:2.3:a:keepalived:keepalived:0.7.6:*:*:*:*:*:*:*
    cpe:2.3:a:keepalived:keepalived:0.7.6:*:*:*:*:*:*:*
  • cpe:2.3:a:keepalived:keepalived:1.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:keepalived:keepalived:1.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:keepalived:keepalived:1.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:keepalived:keepalived:1.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:keepalived:keepalived:1.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:keepalived:keepalived:1.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:keepalived:keepalived:1.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:keepalived:keepalived:1.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:keepalived:keepalived:1.1.0:*:*:*:*:*:*:*
    cpe:2.3:a:keepalived:keepalived:1.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:keepalived:keepalived:1.1.1:*:*:*:*:*:*:*
    cpe:2.3:a:keepalived:keepalived:1.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:keepalived:keepalived:1.1.2:*:*:*:*:*:*:*
    cpe:2.3:a:keepalived:keepalived:1.1.2:*:*:*:*:*:*:*
  • cpe:2.3:a:keepalived:keepalived:1.1.3:*:*:*:*:*:*:*
    cpe:2.3:a:keepalived:keepalived:1.1.3:*:*:*:*:*:*:*
  • cpe:2.3:a:keepalived:keepalived:1.1.4:*:*:*:*:*:*:*
    cpe:2.3:a:keepalived:keepalived:1.1.4:*:*:*:*:*:*:*
  • cpe:2.3:a:keepalived:keepalived:1.1.5:*:*:*:*:*:*:*
    cpe:2.3:a:keepalived:keepalived:1.1.5:*:*:*:*:*:*:*
  • cpe:2.3:a:keepalived:keepalived:1.1.6:*:*:*:*:*:*:*
    cpe:2.3:a:keepalived:keepalived:1.1.6:*:*:*:*:*:*:*
  • cpe:2.3:a:keepalived:keepalived:1.1.7:*:*:*:*:*:*:*
    cpe:2.3:a:keepalived:keepalived:1.1.7:*:*:*:*:*:*:*
  • cpe:2.3:a:keepalived:keepalived:1.1.8:*:*:*:*:*:*:*
    cpe:2.3:a:keepalived:keepalived:1.1.8:*:*:*:*:*:*:*
  • cpe:2.3:a:keepalived:keepalived:1.1.9:*:*:*:*:*:*:*
    cpe:2.3:a:keepalived:keepalived:1.1.9:*:*:*:*:*:*:*
  • cpe:2.3:a:keepalived:keepalived:1.1.10:*:*:*:*:*:*:*
    cpe:2.3:a:keepalived:keepalived:1.1.10:*:*:*:*:*:*:*
  • cpe:2.3:a:keepalived:keepalived:1.1.11:*:*:*:*:*:*:*
    cpe:2.3:a:keepalived:keepalived:1.1.11:*:*:*:*:*:*:*
  • cpe:2.3:a:keepalived:keepalived:1.1.12:*:*:*:*:*:*:*
    cpe:2.3:a:keepalived:keepalived:1.1.12:*:*:*:*:*:*:*
  • cpe:2.3:a:keepalived:keepalived:1.1.13:*:*:*:*:*:*:*
    cpe:2.3:a:keepalived:keepalived:1.1.13:*:*:*:*:*:*:*
  • cpe:2.3:a:keepalived:keepalived:1.1.14:*:*:*:*:*:*:*
    cpe:2.3:a:keepalived:keepalived:1.1.14:*:*:*:*:*:*:*
  • cpe:2.3:a:keepalived:keepalived:1.1.15:*:*:*:*:*:*:*
    cpe:2.3:a:keepalived:keepalived:1.1.15:*:*:*:*:*:*:*
  • cpe:2.3:a:keepalived:keepalived:1.1.16:*:*:*:*:*:*:*
    cpe:2.3:a:keepalived:keepalived:1.1.16:*:*:*:*:*:*:*
  • cpe:2.3:a:keepalived:keepalived:1.1.17:*:*:*:*:*:*:*
    cpe:2.3:a:keepalived:keepalived:1.1.17:*:*:*:*:*:*:*
  • cpe:2.3:a:keepalived:keepalived:1.1.18:*:*:*:*:*:*:*
    cpe:2.3:a:keepalived:keepalived:1.1.18:*:*:*:*:*:*:*
  • cpe:2.3:a:keepalived:keepalived:1.1.19:*:*:*:*:*:*:*
    cpe:2.3:a:keepalived:keepalived:1.1.19:*:*:*:*:*:*:*
  • cpe:2.3:a:keepalived:keepalived:1.1.20:*:*:*:*:*:*:*
    cpe:2.3:a:keepalived:keepalived:1.1.20:*:*:*:*:*:*:*
  • cpe:2.3:a:keepalived:keepalived:1.2.0:*:*:*:*:*:*:*
    cpe:2.3:a:keepalived:keepalived:1.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:keepalived:keepalived:1.2.1:*:*:*:*:*:*:*
    cpe:2.3:a:keepalived:keepalived:1.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:keepalived:keepalived:1.2.2:*:*:*:*:*:*:*
    cpe:2.3:a:keepalived:keepalived:1.2.2:*:*:*:*:*:*:*
  • cpe:2.3:a:keepalived:keepalived:1.2.3:*:*:*:*:*:*:*
    cpe:2.3:a:keepalived:keepalived:1.2.3:*:*:*:*:*:*:*
  • cpe:2.3:a:keepalived:keepalived:1.2.4:*:*:*:*:*:*:*
    cpe:2.3:a:keepalived:keepalived:1.2.4:*:*:*:*:*:*:*
  • cpe:2.3:a:keepalived:keepalived:1.2.5:*:*:*:*:*:*:*
    cpe:2.3:a:keepalived:keepalived:1.2.5:*:*:*:*:*:*:*
  • cpe:2.3:a:keepalived:keepalived:1.2.6:*:*:*:*:*:*:*
    cpe:2.3:a:keepalived:keepalived:1.2.6:*:*:*:*:*:*:*
  • cpe:2.3:a:keepalived:keepalived:1.2.7:*:*:*:*:*:*:*
    cpe:2.3:a:keepalived:keepalived:1.2.7:*:*:*:*:*:*:*
  • cpe:2.3:a:keepalived:keepalived:1.2.8:*:*:*:*:*:*:*
    cpe:2.3:a:keepalived:keepalived:1.2.8:*:*:*:*:*:*:*
  • cpe:2.3:a:keepalived:keepalived:1.2.9:*:*:*:*:*:*:*
    cpe:2.3:a:keepalived:keepalived:1.2.9:*:*:*:*:*:*:*
  • cpe:2.3:a:keepalived:keepalived:1.2.10:*:*:*:*:*:*:*
    cpe:2.3:a:keepalived:keepalived:1.2.10:*:*:*:*:*:*:*
  • cpe:2.3:a:keepalived:keepalived:1.2.11:*:*:*:*:*:*:*
    cpe:2.3:a:keepalived:keepalived:1.2.11:*:*:*:*:*:*:*
  • cpe:2.3:a:keepalived:keepalived:1.2.12:*:*:*:*:*:*:*
    cpe:2.3:a:keepalived:keepalived:1.2.12:*:*:*:*:*:*:*
  • cpe:2.3:a:keepalived:keepalived:1.2.13:*:*:*:*:*:*:*
    cpe:2.3:a:keepalived:keepalived:1.2.13:*:*:*:*:*:*:*
  • cpe:2.3:a:keepalived:keepalived:1.2.14:*:*:*:*:*:*:*
    cpe:2.3:a:keepalived:keepalived:1.2.14:*:*:*:*:*:*:*
  • cpe:2.3:a:keepalived:keepalived:1.2.15:*:*:*:*:*:*:*
    cpe:2.3:a:keepalived:keepalived:1.2.15:*:*:*:*:*:*:*
  • cpe:2.3:a:keepalived:keepalived:1.2.16:*:*:*:*:*:*:*
    cpe:2.3:a:keepalived:keepalived:1.2.16:*:*:*:*:*:*:*
  • cpe:2.3:a:keepalived:keepalived:1.2.17:*:*:*:*:*:*:*
    cpe:2.3:a:keepalived:keepalived:1.2.17:*:*:*:*:*:*:*
  • cpe:2.3:a:keepalived:keepalived:1.2.18:*:*:*:*:*:*:*
    cpe:2.3:a:keepalived:keepalived:1.2.18:*:*:*:*:*:*:*
  • cpe:2.3:a:keepalived:keepalived:1.2.19:*:*:*:*:*:*:*
    cpe:2.3:a:keepalived:keepalived:1.2.19:*:*:*:*:*:*:*
  • cpe:2.3:a:keepalived:keepalived:1.2.20:*:*:*:*:*:*:*
    cpe:2.3:a:keepalived:keepalived:1.2.20:*:*:*:*:*:*:*
  • cpe:2.3:a:keepalived:keepalived:1.2.21:*:*:*:*:*:*:*
    cpe:2.3:a:keepalived:keepalived:1.2.21:*:*:*:*:*:*:*
  • cpe:2.3:a:keepalived:keepalived:1.2.22:*:*:*:*:*:*:*
    cpe:2.3:a:keepalived:keepalived:1.2.22:*:*:*:*:*:*:*
  • cpe:2.3:a:keepalived:keepalived:1.2.23:*:*:*:*:*:*:*
    cpe:2.3:a:keepalived:keepalived:1.2.23:*:*:*:*:*:*:*
  • cpe:2.3:a:keepalived:keepalived:1.2.24:*:*:*:*:*:*:*
    cpe:2.3:a:keepalived:keepalived:1.2.24:*:*:*:*:*:*:*
  • cpe:2.3:a:keepalived:keepalived:1.3.0:*:*:*:*:*:*:*
    cpe:2.3:a:keepalived:keepalived:1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:keepalived:keepalived:1.3.1:*:*:*:*:*:*:*
    cpe:2.3:a:keepalived:keepalived:1.3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:keepalived:keepalived:1.3.2:*:*:*:*:*:*:*
    cpe:2.3:a:keepalived:keepalived:1.3.2:*:*:*:*:*:*:*
  • cpe:2.3:a:keepalived:keepalived:1.3.3:*:*:*:*:*:*:*
    cpe:2.3:a:keepalived:keepalived:1.3.3:*:*:*:*:*:*:*
  • cpe:2.3:a:keepalived:keepalived:1.3.4:*:*:*:*:*:*:*
    cpe:2.3:a:keepalived:keepalived:1.3.4:*:*:*:*:*:*:*
  • cpe:2.3:a:keepalived:keepalived:1.3.5:*:*:*:*:*:*:*
    cpe:2.3:a:keepalived:keepalived:1.3.5:*:*:*:*:*:*:*
  • cpe:2.3:a:keepalived:keepalived:1.3.6:*:*:*:*:*:*:*
    cpe:2.3:a:keepalived:keepalived:1.3.6:*:*:*:*:*:*:*
  • cpe:2.3:a:keepalived:keepalived:1.3.7:*:*:*:*:*:*:*
    cpe:2.3:a:keepalived:keepalived:1.3.7:*:*:*:*:*:*:*
  • cpe:2.3:a:keepalived:keepalived:1.3.8:*:*:*:*:*:*:*
    cpe:2.3:a:keepalived:keepalived:1.3.8:*:*:*:*:*:*:*
  • cpe:2.3:a:keepalived:keepalived:1.3.9:*:*:*:*:*:*:*
    cpe:2.3:a:keepalived:keepalived:1.3.9:*:*:*:*:*:*:*
  • cpe:2.3:a:keepalived:keepalived:1.4.0:*:*:*:*:*:*:*
    cpe:2.3:a:keepalived:keepalived:1.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:keepalived:keepalived:1.4.1:*:*:*:*:*:*:*
    cpe:2.3:a:keepalived:keepalived:1.4.1:*:*:*:*:*:*:*
  • cpe:2.3:a:keepalived:keepalived:1.4.2:*:*:*:*:*:*:*
    cpe:2.3:a:keepalived:keepalived:1.4.2:*:*:*:*:*:*:*
  • cpe:2.3:a:keepalived:keepalived:1.4.3:*:*:*:*:*:*:*
    cpe:2.3:a:keepalived:keepalived:1.4.3:*:*:*:*:*:*:*
  • cpe:2.3:a:keepalived:keepalived:1.4.4:*:*:*:*:*:*:*
    cpe:2.3:a:keepalived:keepalived:1.4.4:*:*:*:*:*:*:*
  • cpe:2.3:a:keepalived:keepalived:2.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:keepalived:keepalived:2.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:keepalived:keepalived:2.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:keepalived:keepalived:2.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:keepalived:keepalived:2.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:keepalived:keepalived:2.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:keepalived:keepalived:2.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:keepalived:keepalived:2.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:keepalived:keepalived:2.0.4:*:*:*:*:*:*:*
    cpe:2.3:a:keepalived:keepalived:2.0.4:*:*:*:*:*:*:*
  • cpe:2.3:a:keepalived:keepalived:2.0.5:*:*:*:*:*:*:*
    cpe:2.3:a:keepalived:keepalived:2.0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:keepalived:keepalived:2.0.6:*:*:*:*:*:*:*
    cpe:2.3:a:keepalived:keepalived:2.0.6:*:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
    cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
CVSS
Base: 7.5 (as of 24-08-2020 - 17:37)
Impact:
Exploitability:
CWE CWE-787
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
redhat via4
advisories
  • bugzilla
    id 1651871
    title CVE-2018-19115 keepalived: Heap-based buffer overflow when parsing HTTP status codes allows for denial of service or possibly arbitrary code execution
    oval
    OR
    • comment Red Hat Enterprise Linux must be installed
      oval oval:com.redhat.rhba:tst:20070304026
    • AND
      • comment Red Hat Enterprise Linux 7 is installed
        oval oval:com.redhat.rhba:tst:20150364027
      • comment keepalived is earlier than 0:1.3.5-8.el7_6
        oval oval:com.redhat.rhsa:tst:20190022001
      • comment keepalived is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20190022002
    rhsa
    id RHSA-2019:0022
    released 2019-01-03
    severity Important
    title RHSA-2019:0022: keepalived security update (Important)
  • rhsa
    id RHSA-2019:1792
  • rhsa
    id RHSA-2019:1945
rpms
  • keepalived-0:1.3.5-8.el7_6
  • keepalived-debuginfo-0:1.3.5-8.el7_6
  • keepalived-0:1.3.5-7.el7_5.2
  • keepalived-debuginfo-0:1.3.5-7.el7_5.2
  • keepalived-0:1.3.5-1.el7_4.1
  • keepalived-debuginfo-0:1.3.5-1.el7_4.1
refmap via4
gentoo GLSA-201903-01
misc
mlist [debian-lts-announce] 20181126 [SECURITY] [DLA-1589-1] keepalived security update
ubuntu
  • USN-3995-1
  • USN-3995-2
Last major update 24-08-2020 - 17:37
Published 08-11-2018 - 20:29
Last modified 24-08-2020 - 17:37
Back to Top