CVE-2019-11455
- Source
- https://cve.org/CVERecord?id=CVE-2019-11455
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-11455.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2019-11455
- Downstream
- Published
- 2019-04-22T16:29:01.600Z
- Modified
- 2026-04-16T00:11:55.076786570Z
- Severity
-
- 8.1 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H CVSS Calculator
- Summary
- [none]
- Details
-
A buffer over-read in Util_urlDecode in util.c in Tildeslash Monit before 5.25.3 allows a remote authenticated attacker to retrieve the contents of adjacent memory via manipulation of GET or POST parameters. The attacker can also cause a denial of service (application outage).
- Database specific
{ "unresolved_ranges": [ { "cpe": "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*", "source": "CPE_FIELD", "extracted_events": [ { "last_affected": "18.10" } ] }, { "cpe": "cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*", "source": "CPE_FIELD", "extracted_events": [ { "last_affected": "19.04" } ] }, { "cpe": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "source": "CPE_FIELD", "extracted_events": [ { "last_affected": "8.0" } ] }, { "cpe": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*", "source": "CPE_FIELD", "extracted_events": [ { "last_affected": "31" } ] }, { "cpe": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", "source": "CPE_FIELD", "extracted_events": [ { "last_affected": "32" } ] } ] }- References
-
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HZQDHRSKTEX5MSYXNCGFTUSFGANBARHX/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L475QJMFFI2QV5QEHAKKPVX6QX6ECUL6/
- https://lists.debian.org/debian-lts-announce/2019/04/msg00028.html
- https://lists.debian.org/debian-lts-announce/2021/12/msg00018.html
- https://bitbucket.org/tildeslash/monit/commits/f12d0cdb42d4e74dffe1525d4062c815c48ac57a
- https://usn.ubuntu.com/3971-1/
- https://github.com/dzflack/exploits/blob/master/macos/monit_dos.py
- https://github.com/dzflack/exploits/blob/master/unix/monit_buffer_overread.py
Affected packages
Git / bitbucket.org/tildeslash/monit
Affected ranges
- Type
- GIT
- Repo
- https://bitbucket.org/tildeslash/monit
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixede9e458ae169c1155cdcd9ca956c0cb4b8d5614f9Fixedf12d0cdb42d4e74dffe1525d4062c815c48ac57a
- Database specific
{ "cpe": "cpe:2.3:a:tildeslash:monit:*:*:*:*:*:*:*:*", "source": [ "CPE_FIELD", "REFERENCES" ], "extracted_events": [ { "introduced": "0" }, { "fixed": "5.25.3" } ] }
Affected versions
Other
release-5-11-0
release-5-12-0
release-5-12-1
release-5-12-2
release-5-13-0
release-5-14-0
release-5-15-0
release-5-16-0
release-5-17-0
release-5-17-1
release-5-18-0
release-5-19-0
release-5-20-0
release-5-23-0
release-5-24-0
release-5-25-0
release-5-25-1
release-5-25-2
release-5-7
release-5-8
release-5-8-1
Database specific
vanir_signatures
[
{
"signature_version": "v1",
"digest": {
"length": 648.0,
"function_hash": "23861697072258711609888231435936520561"
},
"id": "CVE-2019-11455-13a9ad76",
"source": "https://bitbucket.org/tildeslash/monit@e9e458ae169c1155cdcd9ca956c0cb4b8d5614f9",
"target": {
"file": "src/http/cervlet.c",
"function": "do_foot"
},
"deprecated": false,
"signature_type": "Function"
},
{
"signature_version": "v1",
"digest": {
"line_hashes": [
"335804617024891229671540928535154829375",
"310100624601859608845471492265078988370",
"154807492576191686414917484984983555220",
"87379780001120515149930474484174954645"
],
"threshold": 0.9
},
"id": "CVE-2019-11455-16367172",
"source": "https://bitbucket.org/tildeslash/monit@e9e458ae169c1155cdcd9ca956c0cb4b8d5614f9",
"target": {
"file": "src/monit.c"
},
"deprecated": false,
"signature_type": "Line"
},
{
"signature_version": "v1",
"digest": {
"length": 598.0,
"function_hash": "287019773174119488372765190948736526793"
},
"id": "CVE-2019-11455-4c95ae77",
"source": "https://bitbucket.org/tildeslash/monit@e9e458ae169c1155cdcd9ca956c0cb4b8d5614f9",
"deprecated": false,
"target": {
"file": "src/monit.c",
"function": "version"
},
"signature_type": "Function"
},
{
"signature_version": "v1",
"digest": {
"length": 1433.0,
"function_hash": "309952375732884078430535276969002257337"
},
"id": "CVE-2019-11455-79ed33e1",
"source": "https://bitbucket.org/tildeslash/monit@e9e458ae169c1155cdcd9ca956c0cb4b8d5614f9",
"target": {
"file": "src/http/cervlet.c",
"function": "do_about"
},
"deprecated": false,
"signature_type": "Function"
},
{
"signature_version": "v1",
"digest": {
"line_hashes": [
"83469158976872561554671678004370611577",
"231063324253302383638823170907697343759",
"266168777303464530820275752220424199435",
"234939084648347694763319377839068928997",
"271084292119558296088722602634243413305",
"72830479874841803587946559619711045487"
],
"threshold": 0.9
},
"id": "CVE-2019-11455-9093b3ec",
"source": "https://bitbucket.org/tildeslash/monit@e9e458ae169c1155cdcd9ca956c0cb4b8d5614f9",
"target": {
"file": "src/http/cervlet.c"
},
"deprecated": false,
"signature_type": "Line"
},
{
"signature_version": "v1",
"digest": {
"length": 417.0,
"function_hash": "93992887670432761616107281068180192984"
},
"id": "CVE-2019-11455-964021e3",
"source": "https://bitbucket.org/tildeslash/monit@f12d0cdb42d4e74dffe1525d4062c815c48ac57a",
"target": {
"file": "src/util.c",
"function": "Util_urlDecode"
},
"deprecated": false,
"signature_type": "Function"
},
{
"signature_version": "v1",
"digest": {
"line_hashes": [
"336792216971483575453435551836204467274",
"291712273761895760649981696046002910704",
"271180010610417258655129962113380495898",
"21114216790731638776552251915180379568",
"173822145611965365697731601117605934289",
"245280868408692416270473546290603669879",
"242862724403075143428749160003221515339",
"298734385230047532110796783583358199549",
"217832284105747072654599295948154493272",
"284458092717974091187784453750759614001",
"99362352307682091576341187826044176903",
"144914216189621785524832115774637432358",
"156514795832395084577171720215568981037",
"204684603920824327899377881952475827354",
"311343363071435061989086714180242758086",
"272225639610348821859421113697663549549",
"60787199865810157298384129240791586496",
"334397499546725008374277679329106001896",
"81251255236040120734927710176480296484",
"140763349542358092626072794061719663411",
"331578764451842713949460228859657056635",
"225615824364547026479931068946884039306"
],
"threshold": 0.9
},
"id": "CVE-2019-11455-f79bd834",
"source": "https://bitbucket.org/tildeslash/monit@f12d0cdb42d4e74dffe1525d4062c815c48ac57a",
"target": {
"file": "src/util.c"
},
"deprecated": false,
"signature_type": "Line"
}
]
vanir_signatures_modified
"2026-04-11T21:43:50Z"
source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-11455.json"