keepalived is vulnerable to denial of service. A lack of validation of HTTP status codes in the `extract_status_code` function in `lib/html.c` results in a heap-based buffer overflow when parsing malicious HTTP status codes, allowing a remote attacker to crash the daemon, or possibly execute arbitrary code.
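
A defensive way to parse a status code with the kind of validation the advisory says was missing, as an added example. This is not keepalived's code: `parse_http_status` and the `LIT` macro are hypothetical names, and the sample status lines are constructed.

```c
#include <stddef.h>
#include <stdio.h>

/* Pass a string literal as (pointer, length) without its trailing NUL. */
#define LIT(s) (s), (sizeof(s) - 1)

/* Hypothetical helper, not keepalived's extract_status_code(): parse the
 * status code from a status line held in buf[0..len), which need not be
 * NUL-terminated. Returns 100..599 on success, -1 on malformed input. */
int parse_http_status(const char *buf, size_t len)
{
    size_t i = 0;
    int code = 0;

    /* Skip the HTTP-version token up to the first space, never reading
     * past the number of bytes actually received. */
    while (i < len && buf[i] != ' ' && buf[i] != '\r' && buf[i] != '\n')
        i++;
    if (i == 0 || i >= len || buf[i] != ' ')
        return -1;
    i++;

    /* Exactly three digits must lie inside the buffer. */
    if (len - i < 3)
        return -1;
    for (size_t j = 0; j < 3; j++, i++) {
        if (buf[i] < '0' || buf[i] > '9')
            return -1;
        code = code * 10 + (buf[i] - '0');
    }

    /* A fourth digit or any other trailing junk is rejected, so an
     * over-long status code is refused instead of being copied anywhere. */
    if (i < len && buf[i] != ' ' && buf[i] != '\r' && buf[i] != '\n')
        return -1;

    /* Only the 1xx-5xx classes are defined status codes. */
    return (code >= 100 && code <= 599) ? code : -1;
}

int main(void)
{
    /* Constructed sample status lines. */
    printf("%d\n", parse_http_status(LIT("HTTP/1.1 200 OK\r\n")));
    printf("%d\n", parse_http_status(LIT("HTTP/1.1 20000000000000000000 OK\r\n")));
    printf("%d\n", parse_http_status("HTTP/1.1 200 OK", 11));
    return 0;
}
```

The parser works on an explicit length and produces an integer, so no attacker-controlled field length ever determines how much data is copied.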

| CPE | Name | Operator | Version |
|---|---|---|---|
| | keepalived | eq | 1.3.5__6.el7 |