CVE-2019-11455

NameCVE-2019-11455
DescriptionA buffer over-read in Util_urlDecode in util.c in Tildeslash Monit before 5.25.3 allows a remote authenticated attacker to retrieve the contents of adjacent memory via manipulation of GET or POST parameters. The attacker can also cause a denial of service (application outage).
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
ReferencesDLA-1767-1, DLA-2855-1, ELA-113-1
Debian Bugs927775

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
monit (PTS)jessie, jessie (lts)1:5.9-1+deb8u3fixed
stretch (security)1:5.20.0-6+deb9u2fixed
stretch (lts), stretch1:5.20.0-6+deb9u3fixed
bullseye1:5.27.2-1fixed
bookworm1:5.33.0-1fixed
trixie1:5.34.0-1fixed
sid1:5.34.2-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
monitsourcewheezy1:5.4-2+deb7u4ELA-113-1
monitsourcejessie1:5.9-1+deb8u2DLA-1767-1
monitsourcestretch1:5.20.0-6+deb9u2DLA-2855-1
monitsource(unstable)1:5.25.3-1927775

Notes

https://bitbucket.org/tildeslash/monit/commits/f12d0cdb42d4e74dffe1525d4062c815c48ac57a

Search for package or bug name: Reporting problems