CVE-2024-41184

In the vrrpipsetshandler handler (fglobal_parser.c) of keepalived through 2.3.1, an integer overflow can occur. NOTE: this CVE Record might not be worthwhile because an empty ipset name must be configured by the user.

Database specific

{
    "isDisputed": true
}

References

https://github.com/acassen/keepalived/issues/2447#issuecomment-2231329734

Affected packages

Git / github.com/acassen/keepalived

Affected ranges

Type: GIT
Repo: https://github.com/acassen/keepalived
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

c636903943fd02b8fc702685e030ed6769435be8

Affected versions

1.*

1.3.1

v0.*

v0.2.1

v0.2.3

v0.2.6

v0.2.7

v0.3.5

v0.3.6

v0.3.7

v0.3.8

v0.4.0

v0.4.1

v0.4.8

v0.4.9

v0.4.9a

v0.5.3

v0.5.5

v0.5.6

v0.5.7

v0.5.8

v0.5.9

v0.6.1

v0.6.10

v0.6.2

v0.6.3

v0.6.4

v0.6.6

v0.6.8

v0.6.9

v0.7.1

v0.7.6

v1.*

v1.0.0

v1.0.1

v1.0.2

v1.0.3

v1.1.0

v1.1.1

v1.1.10

v1.1.11

v1.1.12

v1.1.13

v1.1.14

v1.1.15

v1.1.16

v1.1.17

v1.1.18

v1.1.19

v1.1.2

v1.1.3

v1.1.4

v1.1.5

v1.1.6

v1.1.7

v1.1.8

v1.1.9

v1.2.1

v1.2.10

v1.2.11

v1.2.12

v1.2.13

v1.2.14

v1.2.15

v1.2.16

v1.2.17

v1.2.18

v1.2.19

v1.2.2

v1.2.20

v1.2.21

v1.2.22

v1.2.23

v1.2.24

v1.2.3

v1.2.4

v1.2.5

v1.2.6

v1.2.7

v1.2.8

v1.2.9

v1.3.0

v1.3.2

v1.3.3

v1.3.4

v1.3.5

v1.3.6

v1.3.7

v1.3.8

v1.3.9

v1.4.0

v1.4.1

v1.4.2

v1.4.3

v1.4.4

v1.4.5

v2.*

v2.0.0

v2.0.1

v2.0.10

v2.0.11

v2.0.12

v2.0.13

v2.0.14

v2.0.15

v2.0.16

v2.0.17

v2.0.18

v2.0.19

v2.0.2

v2.0.20

v2.0.3

v2.0.4

v2.0.5

v2.0.6

v2.0.7

v2.0.8

v2.0.9

v2.1.0

v2.1.1

v2.1.2

v2.1.3

v2.1.4

v2.1.5

v2.2.0

v2.2.1

v2.2.2

v2.2.3

v2.2.4

v2.2.5

v2.2.6

v2.2.7

v2.2.8

v2.3.0

v2.3.1

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-41184.json"