Unknown · Keepalived · CVE-2018-19115
**Name of the Vulnerable Software and Affected Versions**
keepalived versions prior to 2.0.7
**Description**
keepalived contains a heap-based buffer overflow in its parsing of HTTP status codes, which can result in a denial of service (DoS) or other unspecified impact. The `extract_status_code` function in `lib/html.c` does not validate the status code and writes an unlimited amount of data to the heap. A remote attacker can exploit the vulnerability to cause a service disruption.
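The bug class described above, shown as an added example rather than keepalived's own source: an unchecked copy of the status code into a fixed heap buffer, next to a bounded parser that rejects anything other than a three-digit code. The function names, the buffer size and the accepted range 100..599 are assumptions of this example.

```c
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

#define STATUS_DIGITS 3   /* HTTP status codes are exactly three digits */

/* Unsafe pattern (illustrative, not keepalived's source): copies bytes up to
 * the next space into a fixed-size heap buffer with no length check, so a
 * long "status code" in the response writes past the allocation. */
int status_code_unchecked(const char *line)
{
    char *code = malloc(STATUS_DIGITS + 1), *out = code;
    const char *p = strchr(line, ' ');
    if (!code || !p) { free(code); return -1; }
    for (p++; *p && *p != ' '; p++)
        *out++ = *p;              /* BUG: never compared against buffer size */
    *out = '\0';
    int rc = atoi(code);
    free(code);
    return rc;
}

/* Hardened form: works on a length-delimited buffer, needs no heap copy, and
 * accepts only three digits in 100..599 followed by a delimiter. Returns the
 * status code, or -1 for anything malformed. */
int status_code_checked(const char *buf, size_t len)
{
    const char *sp = memchr(buf, ' ', len);
    if (!sp)
        return -1;
    size_t off = (size_t)(sp - buf) + 1;      /* first byte after the space */
    if (len - off < STATUS_DIGITS)
        return -1;
    int code = 0;
    for (size_t i = 0; i < STATUS_DIGITS; i++) {
        unsigned char c = (unsigned char)buf[off + i];
        if (c < '0' || c > '9')
            return -1;
        code = code * 10 + (c - '0');
    }
    off += STATUS_DIGITS;
    /* The code must end here: end of data, space, CR or LF. */
    if (off < len && buf[off] != ' ' && buf[off] != '\r' && buf[off] != '\n')
        return -1;
    return (code >= 100 && code <= 599) ? code : -1;
}
```
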
**Recommendations**
For versions prior to 2.0.7, update to version 2.0.7 or later to resolve the issue. As a temporary workaround, consider restricting access to the `extract_status_code` function in `lib/html.c` to minimize the risk of exploitation.