{ "threat_severity" : "Moderate", "public_date" : "2024-07-18T00:00:00Z", "bugzilla" : { "description" : "keepalived: Integer overflow vulnerability in vrrp_ipsets_handler", "id" : "2298532", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2298532" }, "cvss3" : { "cvss3_base_score" : "6.3", "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "status" : "verified" }, "cwe" : "CWE-190", "details" : [ "In the vrrp_ipsets_handler handler (fglobal_parser.c) of keepalived through 2.3.1, an integer overflow can occur. NOTE: this CVE Record might not be worthwhile because an empty ipset name must be configured by the user.", "A flaw was found in the keepalived package. An integer overflow occurs when incorrect arguments are passed. As a result, reading from an undefined address takes place." ], "statement" : "The described vulnerability in the keepalived package, characterized by an integer overflow in the vrrp_ipsets_handler function of fglobal_parser.c, is assessed as moderate severity rather than important due to the specific conditions required for exploitation. The flaw necessitates the manual configuration of an empty ipset name, a scenario that deviates from standard operational procedures. This constraint significantly reduces the likelihood of the vulnerability being exploited in typical deployment environments. Additionally, the primary consequence of this integer overflow is reading from an undefined address, which, while potentially disruptive, is less severe compared to vulnerabilities that allow arbitrary code execution or privilege escalation.", "affected_release" : [ { "product_name" : "Red Hat Ceph Storage 8.1", "release_date" : "2025-06-26T00:00:00Z", "advisory" : "RHSA-2025:9775", "cpe" : "cpe:/a:redhat:ceph_storage:8.1::el9", "package" : "ceph-2:19.2.1-222.el9cp" }, { "product_name" : "Red Hat Ceph Storage 8.1", "release_date" : "2025-06-26T00:00:00Z", "advisory" : "RHSA-2025:9775", "cpe" : "cpe:/a:redhat:ceph_storage:8.1::el9", "package" : "cephadm-ansible-1:4.1.4-1.el9cp" }, { "product_name" : "Red Hat Ceph Storage 8.1", "release_date" : "2025-06-26T00:00:00Z", "advisory" : "RHSA-2025:9775", "cpe" : "cpe:/a:redhat:ceph_storage:8.1::el9", "package" : "oath-toolkit-0:2.6.12-1.el9cp" }, { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2025-01-28T00:00:00Z", "advisory" : "RHSA-2025:0743", "cpe" : "cpe:/a:redhat:enterprise_linux:8", "package" : "keepalived-0:2.1.5-10.el8_10" }, { "product_name" : "Red Hat Enterprise Linux 9", "release_date" : "2025-02-04T00:00:00Z", "advisory" : "RHSA-2025:0917", "cpe" : "cpe:/a:redhat:enterprise_linux:9", "package" : "keepalived-0:2.2.8-4.el9_5" } ], "package_state" : [ { "product_name" : "Red Hat Ceph Storage 5", "fix_state" : "Out of support scope", "package_name" : "rhceph/keepalived-rhel8", "cpe" : "cpe:/a:redhat:ceph_storage:5" }, { "product_name" : "Red Hat Ceph Storage 6", "fix_state" : "Will not fix", "package_name" : "rhceph/keepalived-rhel9", "cpe" : "cpe:/a:redhat:ceph_storage:6" }, { "product_name" : "Red Hat Ceph Storage 7", "fix_state" : "Affected", "package_name" : "rhceph/keepalived-rhel9", "cpe" : "cpe:/a:redhat:ceph_storage:7" }, { "product_name" : "Red Hat Enterprise Linux 10", "fix_state" : "Affected", "package_name" : "keepalived", "cpe" : "cpe:/o:redhat:enterprise_linux:10" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Out of support scope", "package_name" : "keepalived", "cpe" : "cpe:/o:redhat:enterprise_linux:7" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2024-41184\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-41184\nhttps://github.com/acassen/keepalived/issues/2447#issuecomment-2231329734" ], "name" : "CVE-2024-41184", "mitigation" : { "value" : "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "lang" : "en:us" }, "csaw" : false }