CVE-2019-11455

NameCVE-2019-11455
DescriptionA buffer over-read in Util_urlDecode in util.c in Tildeslash Monit before 5.25.3 allows a remote authenticated attacker to retrieve the contents of adjacent memory via manipulation of GET or POST parameters. The attacker can also cause a denial of service (application outage).
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
ReferencesDLA-1767-1, DLA-2855-1
Debian Bugs927775

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
monit (PTS)bullseye1:5.27.2-1fixed
bookworm1:5.33.0-1fixed
sid, trixie1:5.34.0-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
monitsourcejessie1:5.9-1+deb8u2DLA-1767-1
monitsourcestretch1:5.20.0-6+deb9u2DLA-2855-1
monitsource(unstable)1:5.25.3-1927775

Notes

https://bitbucket.org/tildeslash/monit/commits/f12d0cdb42d4e74dffe1525d4062c815c48ac57a
Search for package or bug name: Reporting problems