CVE-2019-11455
Severity: HIGH · EPSS: 86.3%
CVSS 3.1 base score: 8.1
Published Apr 22, 2019 · Last Modified Jun 17, 2026
Description
A buffer over-read in Util_urlDecode in util.c in Tildeslash Monit before 5.25.3 allows a remote authenticated attacker to retrieve the contents of adjacent memory via manipulation of GET or POST parameters. The attacker can also cause a denial of service (application outage).
CVSS Details
Base Score
Exploitability
Impact
Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Scope: Unchanged
- Confidentiality: High
- Integrity: None
- Availability: High
Threat Intelligence
- EPSS exploit probability: 86.3% percentile
Exploit & Patch Status
- Public exploit: Known
- Patch: Available
Weaknesses (1)
- CWE-125: Out-of-bounds Read (Memory Safety)
Affected Products (6)
| Vendor | Product | Version | Range |
|---|---|---|---|
| tildeslash | monit | * | <5.25.3 |
| debian | debian_linux | 8.0 | any |
| fedoraproject | fedora | 31 | any |
| fedoraproject | fedora | 32 | any |
| canonical | ubuntu_linux | 18.10 | any |
| canonical | ubuntu_linux | 19.04 | any |
References (8)
- bitbucket.org https://bitbucket.org/tildeslash/monit/commits/f12d0cdb42d4e74dffe1525d4062c815c48ac57a
- github.com https://github.com/dzflack/exploits/blob/master/macos/monit_dos.py
- github.com https://github.com/dzflack/exploits/blob/master/unix/monit_buffer_overread.py
- lists.debian.org https://lists.debian.org/debian-lts-announce/2019/04/msg00028.html
- lists.debian.org https://lists.debian.org/debian-lts-announce/2021/12/msg00018.html
- lists.fedoraproject.org https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HZQDHRSKTEX5MSYXNCGFTUSFGANBARHX/
- lists.fedoraproject.org https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L475QJMFFI2QV5QEHAKKPVX6QX6ECUL6/
- usn.ubuntu.com https://usn.ubuntu.com/3971-1/
Remediation
- bitbucket.org https://bitbucket.org/tildeslash/monit/commits/f12d0cdb42d4e74dffe1525d4062c815c48ac57a
- usn.ubuntu.com https://usn.ubuntu.com/3971-1/