PT-2019-4943 · Monit+2
Zack Flack · Published 2019-03-04 · Updated 2022-03-31 · CVE-2019-11455
CVSS v2.0: 8.5 (High)
| Vector | AV:N/AC:L/Au:S/C:C/I:N/A:C |
Name of the Vulnerable Software and Affected Versions
Monit versions prior to 5.25.3
Description
The issue is a buffer over-read in the Util_urlDecode function of the Monit utility, which can lead to a denial of service. An attacker can exploit it by manipulating GET or POST parameters, potentially retrieving adjacent memory contents or causing an application outage.
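An added example, not Monit's code: a percent-decoder that validates both hex digits of an escape before consuming them, which is the check whose absence typically produces this class of over-read. The function name `url_decode_safe`, the `+` handling and the unsafe pattern described in the comment are assumptions made for illustration.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

/* Hex digit value, or -1 if c is not a hex digit (the NUL terminator included). */
static int hex_val(unsigned char c) {
    if (c >= '0' && c <= '9') return c - '0';
    c = (unsigned char)tolower(c);
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    return -1;
}

/*
 * Decode percent-escapes in place. Returns the decoded length, or -1 if an
 * escape is truncated or not hexadecimal; the buffer stays NUL-terminated.
 *
 * Assumed unsafe pattern (the page does not show the vulnerable code): a
 * decoder that consumes s[r+1] and s[r+2] after every '%' without checking
 * them. For input ending in "%" or "%4" the read index then steps past the
 * terminator and the loop continues into adjacent memory.
 */
long url_decode_safe(char *s) {
    size_t r = 0, w = 0;
    if (s == NULL) return -1;
    while (s[r] != '\0') {
        if (s[r] == '%') {
            /* Check the first digit before touching the second: if s[r+1]
             * is the terminator, s[r+2] lies outside the string. */
            int hi = hex_val((unsigned char)s[r + 1]);
            int lo = hi < 0 ? -1 : hex_val((unsigned char)s[r + 2]);
            if (hi < 0 || lo < 0) {
                s[w] = '\0';          /* keep what was decoded so far */
                return -1;            /* caller rejects the request */
            }
            s[w++] = (char)(hi * 16 + lo);
            r += 3;
        } else {
            s[w++] = (s[r] == '+') ? ' ' : s[r];  /* form encoding: '+' is space */
            r++;
        }
    }
    s[w] = '\0';
    return (long)w;
}
```

A caller should treat a return of -1 as a malformed request and reject it rather than use the partially decoded buffer.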
Recommendations
For Monit versions prior to 5.25.3, update to version 5.25.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the Util_urlDecode function or limiting the manipulation of GET and POST parameters to minimize the risk of exploitation.
Exploit
Fix
DoS
Buffer Overflow
Out of bounds Read
Related identifiers
Affected products
Alt Linux
Monit
Ubuntu