A buffer over-read in Util_urlDecode in util.c in Tildeslash Monit before 5.25.3 allows a remote authenticated attacker to read the contents of adjacent memory by manipulating GET or POST parameters. The attacker can also cause a denial of service (application outage). The issue is fixed in Monit 5.25.3; installations running an earlier version should upgrade to 5.25.3 or later.
{
"versions": [
{
"introduced": "0"
},
{
"fixed": "5.25.3"
}
]
}[
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "8.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "31"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "32"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "18.10"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "19.04"
}
]
}
]
[
{
"signature_version": "v1",
"target": {
"function": "do_foot",
"file": "src/http/cervlet.c"
},
"digest": {
"length": 648.0,
"function_hash": "23861697072258711609888231435936520561"
},
"source": "https://bitbucket.org/tildeslash/monit@e9e458ae169c1155cdcd9ca956c0cb4b8d5614f9",
"signature_type": "Function",
"id": "CVE-2019-11455-13a9ad76",
"deprecated": false
},
{
"signature_version": "v1",
"target": {
"file": "src/monit.c"
},
"digest": {
"threshold": 0.9,
"line_hashes": [
"335804617024891229671540928535154829375",
"310100624601859608845471492265078988370",
"154807492576191686414917484984983555220",
"87379780001120515149930474484174954645"
]
},
"source": "https://bitbucket.org/tildeslash/monit@e9e458ae169c1155cdcd9ca956c0cb4b8d5614f9",
"signature_type": "Line",
"id": "CVE-2019-11455-16367172",
"deprecated": false
},
{
"signature_version": "v1",
"target": {
"function": "version",
"file": "src/monit.c"
},
"digest": {
"length": 598.0,
"function_hash": "287019773174119488372765190948736526793"
},
"source": "https://bitbucket.org/tildeslash/monit@e9e458ae169c1155cdcd9ca956c0cb4b8d5614f9",
"signature_type": "Function",
"id": "CVE-2019-11455-4c95ae77",
"deprecated": false
},
{
"signature_version": "v1",
"target": {
"function": "do_about",
"file": "src/http/cervlet.c"
},
"digest": {
"length": 1433.0,
"function_hash": "309952375732884078430535276969002257337"
},
"source": "https://bitbucket.org/tildeslash/monit@e9e458ae169c1155cdcd9ca956c0cb4b8d5614f9",
"signature_type": "Function",
"id": "CVE-2019-11455-79ed33e1",
"deprecated": false
},
{
"signature_version": "v1",
"target": {
"file": "src/http/cervlet.c"
},
"digest": {
"threshold": 0.9,
"line_hashes": [
"83469158976872561554671678004370611577",
"231063324253302383638823170907697343759",
"266168777303464530820275752220424199435",
"234939084648347694763319377839068928997",
"271084292119558296088722602634243413305",
"72830479874841803587946559619711045487"
]
},
"source": "https://bitbucket.org/tildeslash/monit@e9e458ae169c1155cdcd9ca956c0cb4b8d5614f9",
"signature_type": "Line",
"id": "CVE-2019-11455-9093b3ec",
"deprecated": false
},
{
"signature_version": "v1",
"target": {
"function": "Util_urlDecode",
"file": "src/util.c"
},
"digest": {
"length": 417.0,
"function_hash": "93992887670432761616107281068180192984"
},
"source": "https://bitbucket.org/tildeslash/monit@f12d0cdb42d4e74dffe1525d4062c815c48ac57a",
"signature_type": "Function",
"id": "CVE-2019-11455-964021e3",
"deprecated": false
},
{
"signature_version": "v1",
"target": {
"file": "src/util.c"
},
"digest": {
"threshold": 0.9,
"line_hashes": [
"336792216971483575453435551836204467274",
"291712273761895760649981696046002910704",
"271180010610417258655129962113380495898",
"21114216790731638776552251915180379568",
"173822145611965365697731601117605934289",
"245280868408692416270473546290603669879",
"242862724403075143428749160003221515339",
"298734385230047532110796783583358199549",
"217832284105747072654599295948154493272",
"284458092717974091187784453750759614001",
"99362352307682091576341187826044176903",
"144914216189621785524832115774637432358",
"156514795832395084577171720215568981037",
"204684603920824327899377881952475827354",
"311343363071435061989086714180242758086",
"272225639610348821859421113697663549549",
"60787199865810157298384129240791586496",
"334397499546725008374277679329106001896",
"81251255236040120734927710176480296484",
"140763349542358092626072794061719663411",
"331578764451842713949460228859657056635",
"225615824364547026479931068946884039306"
]
},
"source": "https://bitbucket.org/tildeslash/monit@f12d0cdb42d4e74dffe1525d4062c815c48ac57a",
"signature_type": "Line",
"id": "CVE-2019-11455-f79bd834",
"deprecated": false
}
]
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-11455.json"