CVE-2019-11455
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2019-11455
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-11455.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2019-11455
- Downstream
- Related
- Published
- 2019-04-22T16:29:01Z
- Modified
- 2025-10-15T10:08:46.801536Z
- Severity
-
- 8.1 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H CVSS Calculator
- Summary
- [none]
- Details
-
A buffer over-read in Util_urlDecode in util.c in Tildeslash Monit before 5.25.3 allows a remote authenticated attacker to retrieve the contents of adjacent memory via manipulation of GET or POST parameters. The attacker can also cause a denial of service (application outage).
- References
-
- https://bitbucket.org/tildeslash/monit/commits/f12d0cdb42d4e74dffe1525d4062c815c48ac57a
- https://github.com/dzflack/exploits/blob/master/macos/monit_dos.py
- https://github.com/dzflack/exploits/blob/master/unix/monit_buffer_overread.py
- https://lists.debian.org/debian-lts-announce/2019/04/msg00028.html
- https://lists.debian.org/debian-lts-announce/2021/12/msg00018.html
- https://usn.ubuntu.com/3971-1/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HZQDHRSKTEX5MSYXNCGFTUSFGANBARHX/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L475QJMFFI2QV5QEHAKKPVX6QX6ECUL6/
Affected packages
Git / bitbucket.org/tildeslash/monit
Affected ranges
- Type
- GIT
- Repo
- https://bitbucket.org/tildeslash/monit
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixedf12d0cdb42d4e74dffe1525d4062c815c48ac57a
Affected versions
Other
release-5-10-0
release-5-11-0
release-5-12-0
release-5-12-1
release-5-12-2
release-5-13-0
release-5-14-0
release-5-15-0
release-5-16-0
release-5-17-0
release-5-17-1
release-5-18-0
release-5-19-0
release-5-20-0
release-5-21-0
release-5-22-0
release-5-23-0
release-5-24-0
release-5-25-0
release-5-25-1
release-5-25-2
release-5-7
release-5-8
release-5-8-1
release-5-8-2
release-5-9-0
Database specific
vanir_signatures
[
{
"id": "CVE-2019-11455-964021e3",
"source": "https://bitbucket.org/tildeslash/monit@f12d0cdb42d4e74dffe1525d4062c815c48ac57a",
"signature_type": "Function",
"digest": {
"function_hash": "93992887670432761616107281068180192984",
"length": 417.0
},
"signature_version": "v1",
"target": {
"function": "Util_urlDecode",
"file": "src/util.c"
},
"deprecated": false
},
{
"id": "CVE-2019-11455-f79bd834",
"source": "https://bitbucket.org/tildeslash/monit@f12d0cdb42d4e74dffe1525d4062c815c48ac57a",
"signature_type": "Line",
"digest": {
"threshold": 0.9,
"line_hashes": [
"336792216971483575453435551836204467274",
"291712273761895760649981696046002910704",
"271180010610417258655129962113380495898",
"21114216790731638776552251915180379568",
"173822145611965365697731601117605934289",
"245280868408692416270473546290603669879",
"242862724403075143428749160003221515339",
"298734385230047532110796783583358199549",
"217832284105747072654599295948154493272",
"284458092717974091187784453750759614001",
"99362352307682091576341187826044176903",
"144914216189621785524832115774637432358",
"156514795832395084577171720215568981037",
"204684603920824327899377881952475827354",
"311343363071435061989086714180242758086",
"272225639610348821859421113697663549549",
"60787199865810157298384129240791586496",
"334397499546725008374277679329106001896",
"81251255236040120734927710176480296484",
"140763349542358092626072794061719663411",
"331578764451842713949460228859657056635",
"225615824364547026479931068946884039306"
]
},
"signature_version": "v1",
"target": {
"file": "src/util.c"
},
"deprecated": false
}
]