CVE-2019-11455
published 2019-04-22


Priority: P339
Severity: High (CVSS 3.1 base score 8.1)
CVSS 3.1 vector: AV:N (network) / AC:L (low complexity) / PR:L (low privileges, i.e. an authenticated user) / UI:N (no user interaction) / S:U (scope unchanged) / C:H (high confidentiality impact) / I:N (no integrity impact) / A:H (high availability impact)
EPSS: 3.14% (86.3rd percentile)
A buffer over-read in Util_urlDecode in util.c in Tildeslash Monit before 5.25.3 allows a remote authenticated attacker to retrieve the contents of adjacent memory via manipulation of GET or POST parameters. The attacker can also cause a denial of service (application outage).
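The description above names a buffer over-read in a URL decoder reached through GET or POST parameters. The C program below is added here to illustrate that bug class; it is not Monit's Util_urlDecode, and the exact defect in util.c is not shown on this page. A percent-decoder that trusts every '%' to be followed by two more bytes steps over the string terminator on a truncated escape such as a trailing "%" and copies whatever lies next in memory into the decoded output, which is how adjacent memory ends up in an attacker-visible response. The helper names (hexval, naive_urldecode, safe_urldecode, demo_overread) and the sample parameter buffer are assumptions made for this example; the "neighbouring" value is placed inside an array the program owns so the over-read is deterministic and observable rather than undefined behaviour on a real heap.

```c
#include <stdio.h>
#include <string.h>

/* Added illustration of the CVE's bug class, not Monit's Util_urlDecode:
 * the exact defect in util.c is not shown on the page this accompanies.
 * The helper names and the sample request parameter are assumptions. */

/* Value of one hex digit, or -1 if c is not a hex digit. */
static int hexval(unsigned char c) {
    if (c >= '0' && c <= '9') return c - '0';
    c |= 0x20;                                  /* fold to lower case */
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    return -1;
}

/* Over-reading decoder: it assumes every '%' is followed by two more bytes.
 * On a parameter ending in "%" or "%X" it reads src[1] and src[2] past the
 * NUL terminator, then src += 3 steps over the terminator and the loop keeps
 * copying whatever follows in memory into the decoded output. */
size_t naive_urldecode(char *dst, size_t dstsz, const char *src) {
    size_t n = 0;
    while (*src != '\0' && n + 1 < dstsz) {
        if (*src == '%') {
            int hi = hexval((unsigned char)src[1]);   /* unchecked read */
            int lo = hexval((unsigned char)src[2]);   /* unchecked read */
            dst[n++] = (char)(((hi < 0 ? 0 : hi) << 4) | (lo < 0 ? 0 : lo));
            src += 3;                                 /* may skip the NUL */
        } else if (*src == '+') {
            dst[n++] = ' ';
            src++;
        } else {
            dst[n++] = *src++;
        }
    }
    dst[n] = '\0';
    return n;
}

/* Hardened decoder: length-delimited input, a '%' must be followed by two
 * hex digits that lie inside the buffer, and the output is bounds-checked.
 * Returns the decoded length, or -1 on malformed or oversized input. */
int safe_urldecode(char *dst, size_t dstsz, const char *src, size_t srclen) {
    size_t i = 0, n = 0;
    while (i < srclen) {
        if (n + 1 >= dstsz) return -1;            /* no room for byte + NUL */
        if (src[i] == '%') {
            if (i + 2 >= srclen) return -1;       /* truncated escape */
            int hi = hexval((unsigned char)src[i + 1]);
            int lo = hexval((unsigned char)src[i + 2]);
            if (hi < 0 || lo < 0) return -1;      /* non-hex escape */
            dst[n++] = (char)((hi << 4) | lo);
            i += 3;
        } else if (src[i] == '+') {
            dst[n++] = ' ';
            i++;
        } else {
            dst[n++] = src[i++];
        }
    }
    dst[n] = '\0';
    return (int)n;
}

/* Deterministic reproduction of the over-read: the parameter "x=%" sits in
 * an array we own, with a constructed "neighbouring" value after its NUL, so
 * the bytes the naive decoder drags in are visible without reading outside
 * the array. Returns the decoded length written to out. */
size_t demo_overread(char *out, size_t outsz) {
    static const char mem[] = "x=%\0db_password=hunter2";  /* constructed */
    return naive_urldecode(out, outsz, mem);
}

int main(void) {
    char out[64];
    size_t n = demo_overread(out, sizeof out);
    printf("naive: %zu bytes decoded from a 3-byte parameter; tail \"%s\"\n",
           n, out + 3);
    printf("safe:  %d (rejected)\n", safe_urldecode(out, sizeof out, "x=%", 3));
    return 0;
}
```

Running it shows the naive decoder emitting 21 bytes for the 3-byte parameter "x=%", the last 18 of which are the neighbouring value, while the hardened decoder rejects the same input. The two properties that close the hole are that the decoder knows the input length instead of scanning for a NUL, and that it checks the two bytes after a '%' exist and are hex before consuming them.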

Affected

14 ranges

Vendor          Product        Version range                          Fixed in
canonical       ubuntu_linux
canonical       ubuntu_linux
debian          debian_linux
debian          monit          < monit 1:5.25.3-1 (bookworm)          monit 1:5.25.3-1 (bookworm)
fedoraproject   fedora
fedoraproject   fedora
tildeslash      monit          < 5.25.3                               5.25.3
tildeslash      monit          >= 0, < 1:5.25.3-1                     1:5.25.3-1
tildeslash      monit          >= 0, < 1:5.25.3-1                     1:5.25.3-1
tildeslash      monit          >= 0, < 1:5.25.3-1                     1:5.25.3-1
tildeslash      monit          >= 0, < 1:5.25.3-1                     1:5.25.3-1
tildeslash      monit          >= 0, < 1:5.6-2ubuntu0.1+esm2          1:5.6-2ubuntu0.1+esm2
tildeslash      monit          >= 0, < 1:5.16-2ubuntu0.2+esm1         1:5.16-2ubuntu0.2+esm1
tildeslash      monit          >= 0, < 1:5.25.1-1ubuntu0.1~esm1       1:5.25.1-1ubuntu0.1~esm1

CVSS provenance

Source          Version   Score   Severity   Vector
nvd             v3.1      8.1     HIGH       CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
nvd             v2.0      5.5     MEDIUM     AV:N/AC:L/Au:S/C:P/I:N/A:P
osv                       8.1     HIGH
vendor_debian             8.1     HIGH
vendor_ubuntu             6.1     MEDIUM