A buffer over-read in Util_urlDecode in util.c in Tildeslash Monit before 5.25.3 allows a remote authenticated attacker to retrieve the contents of adjacent memory via manipulation of GET or POST parameters. The attacker can also cause a denial of service (application outage).
References
Link | Resource |
---|---|
https://github.com/dzflack/exploits/blob/master/unix/monit_buffer_overread.py | Exploit Third Party Advisory |
https://github.com/dzflack/exploits/blob/master/macos/monit_dos.py | Exploit Third Party Advisory |
https://bitbucket.org/tildeslash/monit/commits/f12d0cdb42d4e74dffe1525d4062c815c48ac57a | Patch Third Party Advisory |
https://lists.debian.org/debian-lts-announce/2019/04/msg00028.html | Mailing List Third Party Advisory |
https://usn.ubuntu.com/3971-1/ | Patch Third Party Advisory |
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L475QJMFFI2QV5QEHAKKPVX6QX6ECUL6/ | Mailing List Third Party Advisory |
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HZQDHRSKTEX5MSYXNCGFTUSFGANBARHX/ | Mailing List Third Party Advisory |
https://lists.debian.org/debian-lts-announce/2021/12/msg00018.html | Mailing List Third Party Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
|
Information
Published : 2019-04-22 09:29
Updated : 2022-03-31 10:45
NVD link : CVE-2019-11455
Mitre link : CVE-2019-11455
JSON object : View
CWE
CWE-125
Out-of-bounds Read
Products Affected
debian
- debian_linux
tildeslash
- monit
canonical
- ubuntu_linux
fedoraproject
- fedora