漏洞信息详情

Keepalived 缓冲区错误漏洞

漏洞简介

Keepalived是一个款使用C语言编写的路由软件。该软件主要用于负载均衡和故障检测等。

keepalived 2.0.8及之前的版本中存在基于堆的缓冲区溢出漏洞,该漏洞源于lib/html.c文件中的‘extract_status_code’函数没有验证状态代码。远程攻击者可利用该漏洞造成拒绝服务。

漏洞公告

目前厂商已发布升级补丁以修复漏洞,补丁获取链接:

https://github.com/acassen/keepalived/pull/961/commits/f28015671a4b04785859d1b4b1327b367b6a10e9

参考网址

来源:MLIST

链接:https://lists.debian.org/debian-lts-announce/2018/11/msg00034.html

来源:MISC

链接:https://github.com/acassen/keepalived/pull/961/commits/f28015671a4b04785859d1b4b1327b367b6a10e9

来源:GENTOO

链接:https://security.gentoo.org/glsa/201903-01

来源:REDHAT

链接:https://access.redhat.com/errata/RHSA-2019:0022

来源:MISC

链接:https://bugzilla.suse.com/show_bug.cgi?id=1015141

来源:www.ibm.com

链接:http://www.ibm.com/support/docview.wss?uid=ibm10794373

来源:www.ibm.com

链接:http://www.ibm.com/support/docview.wss?uid=ibm10791549

来源:www.ibm.com

链接:http://www.ibm.com/support/docview.wss?uid=ibm10869078

来源:www.ibm.com

链接:http://www.ibm.com/support/docview.wss?uid=ibm10792175

来源:www.ibm.com

链接:http://www.ibm.com/support/docview.wss?uid=ibm10870872

来源:www.ibm.com

链接:http://www.ibm.com/support/docview.wss?uid=ibm10871830

来源:www.ibm.com

链接:http://www.ibm.com/support/docview.wss?uid=ibm10791547

来源:www.ibm.com

链接:http://www.ibm.com/support/docview.wss?uid=ibm10871626

来源:www.ibm.com

链接:http://www.ibm.com/support/docview.wss?uid=ibm10871786

来源:www.ibm.com

链接:http://www.ibm.com/support/docview.wss?uid=ibm10794307

来源:www.ibm.com

链接:http://www.ibm.com/support/docview.wss?uid=ibm10870068

来源:packetstormsecurity.com

链接:https://packetstormsecurity.com/files/152024/Gentoo-Linux-Security-Advisory-201903-01.html

来源:www.auscert.org.au

链接:https://www.auscert.org.au/bulletins/76454

来源:www.ibm.com

链接:http://www.ibm.com/support/docview.wss?uid=ibm10794743

漏洞信息快速查询

相关漏洞

更多