Critical severity9.8OSV Advisory· Published Nov 8, 2018· Updated Jun 17, 2026
CVE-2018-19115
CVE-2018-19115
Description
keepalived before 2.0.7 has a heap-based buffer overflow when parsing HTTP status codes resulting in DoS or possibly unspecified other impact, because extract_status_code in lib/html.c has no validation of the status code and instead writes an unlimited amount of data to the heap.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
21.3.1, v0.2.1, v0.2.3, …+ 1 more
- (no CPE)range: 1.3.1, v0.2.1, v0.2.3, …
- (no CPE)range: <2.0.7
Patches
Vulnerability mechanics
References
10- github.com/acassen/keepalived/pull/961nvdPatchThird Party Advisory
- github.com/acassen/keepalived/pull/961/commits/f28015671a4b04785859d1b4b1327b367b6a10e9nvdPatchThird Party Advisory
- access.redhat.com/errata/RHSA-2019:0022nvdThird Party Advisory
- bugzilla.suse.com/show_bug.cginvdIssue TrackingThird Party Advisory
- lists.debian.org/debian-lts-announce/2018/11/msg00034.htmlnvdMailing ListThird Party Advisory
- security.gentoo.org/glsa/201903-01nvdThird Party Advisory
- access.redhat.com/errata/RHSA-2019:1792nvd
- access.redhat.com/errata/RHSA-2019:1945nvd
- usn.ubuntu.com/3995-1/nvd
- usn.ubuntu.com/3995-2/nvd
News mentions
0No linked articles in our index yet.