CVE-2019-13485

Publication date 27 August 2019

Last updated 24 July 2024


Ubuntu priority

Cvss 3 Severity Score

9.8 · Critical

Score breakdown

In Xymon through 4.3.28, a stack-based buffer overflow vulnerability exists in the history viewer component via a long hostname or service parameter to history.c.

Status

Package Ubuntu Release Status
xymon 24.10 oracular
Fixed 4.3.29-1
24.04 LTS noble
Fixed 4.3.29-1
23.10 mantic
Fixed 4.3.29-1
23.04 lunar
Fixed 4.3.29-1
22.10 kinetic
Fixed 4.3.29-1
22.04 LTS jammy
Fixed 4.3.29-1
21.10 impish
Fixed 4.3.29-1
21.04 hirsute
Fixed 4.3.29-1
20.10 groovy
Fixed 4.3.29-1
20.04 LTS focal
Fixed 4.3.29-1
19.10 eoan
Fixed 4.3.29-1
19.04 disco Ignored end of life
18.04 LTS bionic
Vulnerable
16.04 LTS xenial
Vulnerable
14.04 LTS trusty Not in release

Severity score breakdown

Parameter Value
Base score 9.8 · Critical
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Scope Unchanged
Confidentiality High
Integrity impact High
Availability impact High
Vector CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H