CVE-2018-19792
MEDIUM
LiteSpeed OpenLiteSpeed < 1.5.0 RC6 - Buffer Overflow
The server in LiteSpeed OpenLiteSpeed before 1.5.0 RC6 allows local users to cause a denial of service (buffer overflow) or possibly have unspecified other impact by creating a symlink through which the openlitespeed program can be invoked with a long command name (involving ../ characters), which is mishandled in the LshttpdMain::getServerRootFromExecutablePath function.
References (1)
Core References
Exploit, Vendor Advisory x_refsource_misc
https://github.com/litespeedtech/openlitespeed/issues/117
Scores
CVSS v3
6.7
EPSS
0.0043
EPSS Percentile
34.3%
Attack Vector
LOCAL
CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-119
Status
published
Products (2)
litespeedtech/openlitespeed
1.5.0 rc1 (5 CPE variants)
litespeedtech/openlitespeed
< 1.4.41
Published
Dec 03, 2018
Tracked Since
Feb 18, 2026