rpm package
almalinux/keepalived
pkg:rpm/almalinux/keepalived
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-41184 | Cri | 9.8 | | < 2.1.5-10.el8_10 | 2.1.5-10.el8_10 | Jul 18, 2024 | In the vrrp_ipsets_handler handler (fglobal_parser.c) of keepalived through 2.3.1, an integer overflow can occur. NOTE: this CVE Record might not be worthwhile because an empty ipset name must be configured by the user. |
| CVE-2021-44225 | — | | | < 2.1.5-8.el8 | 2.1.5-8.el8 | Nov 26, 2021 | In Keepalived through 2.2.4, the D-Bus policy does not sufficiently restrict the message destination, allowing any user to inspect and manipulate any property. This leads to access-control bypass in some situations in which an unrelated D-Bus system service has a settable (writab |