CVE-2019-17358
N/A
N/A
Summary
Cacti through 1.2.7 is affected by multiple instances of lib/functions.php unsafe deserialization of user-controlled data to populate arrays. An authenticated attacker could use this to influence object data values and control actions taken by Cacti or potentially cause memory corruption in the PHP module.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- https://www.darkmatter.ae/xen1thlabs/
- https://github.com/Cacti/cacti/blob/79f29cddb5eb05cbaff486cd634285ef1fed9326/lib/functions.php#L3109
- https://lists.debian.org/debian-lts-announce/2019/12/msg00014.html
- https://github.com/Cacti/cacti/issues/3026
- https://github.com/Cacti/cacti/commit/adf221344359f5b02b8aed43dfb6b33ae5d708c8
- https://bugzilla.suse.com/show_bug.cgi?id=CVE-2019-17358
- https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-17358.html
- https://seclists.org/bugtraq/2020/Jan/25
- https://www.debian.org/security/2020/dsa-4604
- http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00001.html
- http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00005.html
- https://security.gentoo.org/glsa/202003-40
- http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00042.html
- http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00048.html
References
- https://www.darkmatter.ae/xen1thlabs/
- https://github.com/Cacti/cacti/blob/79f29cddb5eb05cbaff486cd634285ef1fed9326/lib/functions.php#L3109
- https://lists.debian.org/debian-lts-announce/2019/12/msg00014.html
- https://github.com/Cacti/cacti/issues/3026
- https://github.com/Cacti/cacti/commit/adf221344359f5b02b8aed43dfb6b33ae5d708c8
- https://bugzilla.suse.com/show_bug.cgi?id=CVE-2019-17358
- https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-17358.html
- https://seclists.org/bugtraq/2020/Jan/25
- https://www.debian.org/security/2020/dsa-4604
- http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00001.html
- http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00005.html
- https://security.gentoo.org/glsa/202003-40
- http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00042.html
- http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00048.html
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.