CVE-2024-41184: Integer Overflow or Wraparound in Keepalived

Severity
9.8 CRITICAL (NVD)
EPSS
0.2%
top 56.66%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Jul 18
Latest update: Oct 15

Description

In the vrrp_ipsets_handler handler (fglobal_parser.c) of keepalived through 2.3.1, an integer overflow can occur. NOTE: this CVE Record might not be worthwhile because an empty ipset name must be configured by the user.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 | Impact: 5.9

Affected Packages: 8 packages

🔴 Vulnerability Details

2
GHSA
GHSA-343m-v77v-mv8r: In the vrrp_ipsets_handler handler (fglobal_parser | 2024-07-18
OSV
CVE-2024-41184: In the vrrp_ipsets_handler handler (fglobal_parser | 2024-07-18

📋 Vendor Advisories

5
Oracle
Oracle Oracle Utilities Applications Risk Matrix: General (jQueryUI) — CVE-2021-41184 | 2024-10-15
Red Hat
keepalived: Integer overflow vulnerability in vrrp_ipsets_handler | 2024-07-18
Oracle
Oracle Oracle Communications Risk Matrix: Security (jQueryUI) — CVE-2021-41184 | 2024-07-15
Microsoft
In the vrrp_ipsets_handler handler (fglobal_parser.c) of keepalived through 2.3.1 an integer overflow can occur. NOTE: this CVE Record might not be worthwhile because an empty ipset name must be confi | 2024-07-09
Debian
CVE-2024-41184: keepalived - In the vrrp_ipsets_handler handler (fglobal_parser.c) of keepalived through 2.3.... | 2024