CVE-2018-19115

NameCVE-2018-19115
Descriptionkeepalived before 2.0.7 has a heap-based buffer overflow when parsing HTTP status codes resulting in DoS or possibly unspecified other impact, because extract_status_code in lib/html.c has no validation of the status code and instead writes an unlimited amount of data to the heap.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
ReferencesDLA-1589-1, ELA-834-1
Debian Bugs914393

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
keepalived (PTS)jessie, jessie (lts)1:1.2.13-1+deb8u1fixed
stretch (lts), stretch1:1.3.2-1+deb9u1fixed
buster (security), buster, buster (lts)1:2.0.10-1+deb10u1fixed
bullseye1:2.1.5-0.2+deb11u1fixed
bookworm1:2.2.7-1fixed
sid, trixie1:2.3.1-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
keepalivedsourcewheezy(unfixed)end-of-life
keepalivedsourcejessie1:1.2.13-1+deb8u1DLA-1589-1
keepalivedsourcestretch1:1.3.2-1+deb9u1ELA-834-1
keepalivedsource(unstable)1:2.0.10-1low914393

Notes

[stretch] - keepalived <no-dsa> (Minor issue)
https://bugzilla.suse.com/show_bug.cgi?id=1015141
https://github.com/acassen/keepalived/pull/961
https://github.com/acassen/keepalived/pull/961/commits/f28015671a4b04785859d1b4b1327b367b6a10e9
Search for package or bug name: Reporting problems