8.1

CVE-2019-11455

Exploit
A buffer over-read in Util_urlDecode in util.c in Tildeslash Monit before 5.25.3 allows a remote authenticated attacker to retrieve the contents of adjacent memory via manipulation of GET or POST parameters. The attacker can also cause a denial of service (application outage).
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
TildeslashMonit Version < 5.25.3
DebianDebian Linux Version8.0
FedoraprojectFedora Version31
FedoraprojectFedora Version32
CanonicalUbuntu Linux Version18.10
CanonicalUbuntu Linux Version19.04
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 3.14% 0.862
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 8.1 2.8 5.2
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
nvd@nist.gov 5.5 8 4.9
AV:N/AC:L/Au:S/C:P/I:N/A:P
CWE-125 Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

https://lists.debian.org/debian-lts-announce/2019/04/msg00028.html
Third Party Advisory
Mailing List
https://lists.debian.org/debian-lts-announce/2021/12/msg00018.html
Third Party Advisory
Mailing List
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HZQDHRSKTEX5MSYXNCGFTUSFGANBARHX/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L475QJMFFI2QV5QEHAKKPVX6QX6ECUL6/
https://usn.ubuntu.com/3971-1/
Patch
Third Party Advisory
https://bitbucket.org/tildeslash/monit/commits/f12d0cdb42d4e74dffe1525d4062c815c48ac57a
Patch
Third Party Advisory
https://github.com/dzflack/exploits/blob/master/macos/monit_dos.py
Third Party Advisory
Exploit
https://github.com/dzflack/exploits/blob/master/unix/monit_buffer_overread.py
Third Party Advisory
Exploit