PT-2019-4943 · Monit+2
Zack Flack
Published: 2019-03-04
Updated: 2022-03-31
CVE-2019-11455
CVSS v2.0: 8.5 (High)
Vector: AV:N/AC:L/Au:S/C:C/I:N/A:C
Name of the Vulnerable Software and Affected Versions
Monit versions prior to 5.25.3
Description
The issue is a buffer over-read in the Util_urlDecode function of the Monit utility, which can lead to a denial of service. An attacker can exploit it by manipulating GET or POST parameters, potentially retrieving adjacent memory contents or causing an application outage.
Recommendations
For Monit versions prior to 5.25.3, update to version 5.25.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the Util_urlDecode function or limiting the manipulation of GET and POST parameters to minimize the risk of exploitation.
Exploit
Fix
DoS
Buffer Overflow
Out of bounds Read
Related Identifiers
Affected Products
Alt Linux
Monit
Ubuntu