CVE-2019-11455: Out-of-bounds Read in Monit

CWE-125 (Out-of-bounds Read) | 13 documents | 8 sources

Severity
NVD: 8.1 HIGH
OSV: 6.1
EPSS
1.8% (top 17.31%)
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Apr 22
Latest update: May 24

Description

A buffer over-read in Util_urlDecode in util.c in Tildeslash Monit before 5.25.3 allows a remote authenticated attacker to retrieve the contents of adjacent memory via manipulation of GET or POST parameters. The attacker can also cause a denial of service (application outage).

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Exploitability: 2.8 | Impact: 5.2

Affected Packages (4 packages)

NVD: tildeslash/monit < 5.25.3
Debian: tildeslash/monit < 1:5.25.3-1+3
Ubuntu: tildeslash/monit < 1:5.6-2ubuntu0.1+esm2+2
debian: debian/monit < monit 1:5.25.3-1 (bookworm)

Also affects: Debian Linux 8.0, Fedora 31, 32, Ubuntu Linux 18.10, 19.04

Patches

🔴 Vulnerability Details (3)

GHSA: Buffer overflow (2022-05-24)
OSV: monit vulnerabilities (2021-03-15)
OSV: CVE-2019-11455: A buffer over-read in Util_urlDecode in util (2019-04-22)

💥 Exploits & PoCs (1)

Metasploit: LimeSurvey Zip Path Traversals

📋 Vendor Advisories (3)

Ubuntu: Monit vulnerabilities (2021-03-15)
Ubuntu: Monit vulnerabilities (2019-05-08)
Debian: CVE-2019-11455: monit - A buffer over-read in Util_urlDecode in util.c in Tildeslash Monit before 5.25.3... (2019)

🕵️ Threat Intelligence (2)

Wiz: CVE-2020-36968 Impact, Exploitability, and Mitigation Steps | Wiz
Wiz: CVE-2020-36969 Impact, Exploitability, and Mitigation Steps | Wiz

💬 Community (3)

Bugzilla: CVE-2019-11454 CVE-2019-11455 monit: various flaws [epel-all] (2019-04-24)
Bugzilla: CVE-2019-11455 monit: buffer over-read in function Util_urlDecode in util.c (2019-04-24)
Bugzilla: CVE-2019-11454 CVE-2019-11455 monit: various flaws [fedora-all] (2019-04-24)
CVE-2019-11455 — Out-of-bounds Read in Tildeslash Monit | cvebase