CVE-2018-19792

Published: Dec 3, 2018Modified: Nov 21, 2024

6.7

Vector

CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Exploitability: 0.8 / Impact: 5.9

Source: NVD

Description

The server in LiteSpeed OpenLiteSpeed before 1.5.0 RC6 allows local users to cause a denial of service (buffer overflow) or possibly have unspecified other impact by creating a symlink through which the openlitespeed program can be invoked with a long command name (involving ../ characters), which is mishandled in the LshttpdMain::getServerRootFromExecutablePath function.

Affected (6)

Products: Litespeedtech: Openlitespeed

Litespeedtech

1 product

Openlitespeed

Configuration A

6 vulnerable

Vulnerable Software	Affected Versions
Litespeedtech Openlitespeed	Up to 1.4.41
Litespeedtech Openlitespeed	Version 1.5.0 rc1
Litespeedtech Openlitespeed	Version 1.5.0 rc2
Litespeedtech Openlitespeed	Version 1.5.0 rc3
Litespeedtech Openlitespeed	Version 1.5.0 rc4
Litespeedtech Openlitespeed	Version 1.5.0 rc5

Related CWEs

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

References (2)

https://github.com/litespeedtech/openlitespeed/issues/117

Source: cve@mitre.org

ExploitVendor Advisory

https://github.com/litespeedtech/openlitespeed/issues/117

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitVendor Advisory

Timeline

No history available yet.