Keepalived HTTP Status Codes Parsing Heap-Based Buffer Overflow Vulnerability



A vulnerability in the extract_status_code() function of Keepalived could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on a targeted system.

The vulnerability is due to improper parsing of HTTP responses when the extract_status_code() function, as defined in the lib/html.c source code file of the affected software, does not validate HTTP status codes and writes a significant amount of content to heap memory. An attacker could exploit this vulnerability by sending a request that submits malicious input to a targeted system. A successful exploit could result in a heap-based overflow condition that the attacker could use to cause a DoS condition.
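The failure mode described above, as an added example that is not Keepalived's code or its patch: a status-line parser that validates the status code in place and copies nothing to the heap, so an oversized status field is rejected instead of being written anywhere. The function name `parse_status_code` and the sample input are hypothetical.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper, not Keepalived's API: returns the status code
 * (100-599) from an HTTP status line, or -1 if the line is malformed.
 * buf need not be NUL-terminated; len bounds every read. */
int parse_status_code(const char *buf, size_t len)
{
    static const char prefix[] = "HTTP/";
    const size_t plen = sizeof(prefix) - 1;
    size_t i;
    int code = 0;

    if (buf == NULL || len < plen || memcmp(buf, prefix, plen) != 0)
        return -1;
    /* Skip the version token up to the first space, never past len. */
    for (i = plen; i < len && buf[i] != ' '; i++)
        if (buf[i] == '\r' || buf[i] == '\n')
            return -1;
    if (i == len)
        return -1;
    i++; /* step over the space */

    /* Exactly three digits must be present. */
    if (len - i < 3)
        return -1;
    for (size_t d = 0; d < 3; d++) {
        unsigned char c = (unsigned char)buf[i + d];
        if (!isdigit(c))
            return -1;
        code = code * 10 + (c - '0');
    }
    i += 3;

    /* The code must end here: a fourth digit or other junk is rejected. */
    if (i < len && buf[i] != ' ' && buf[i] != '\r' && buf[i] != '\n')
        return -1;
    return (code >= 100 && code <= 599) ? code : -1;
}

int main(void)
{
    const char bad[] = "HTTP/1.1 2000000000000000000000000 OK\r\n"; /* constructed */
    printf("%d\n", parse_status_code(bad, sizeof(bad) - 1));
    return 0;
}
```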

Proof-of-concept (PoC) code that demonstrates an exploit of this vulnerability is publicly available.

Keepalived.org has confirmed the vulnerability and released software updates.

Security Impact Rating: High

CVE: CVE-2018-19115

Source: Cisco Multivendor Vulnerability Alerts