CVE-2019-11360

low-risk
Published 2019-07-12

A buffer overflow in iptables-restore in netfilter iptables 1.8.2 allows an attacker to (at least) crash the program or potentially gain code execution via a specially crafted iptables-save file. This is related to add_param_to_argv in xshared.c.

Do I need to act?

~
1.4% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
4
CVSS 4.2/10 Medium
LOCAL / LOW complexity

Affected Products (1)

Iptables

Affected Vendors

Netfilter

References (4)

Exploit https://0day.work/cve-2019-11360-bufferoverflow-in-iptables-restore-v1-8-2/
Patch https://git.netfilter.org/iptables/commit/iptables/xshared.c?id=2ae1099a42e6a0f0...
Exploit https://0day.work/cve-2019-11360-bufferoverflow-in-iptables-restore-v1-8-2/
Patch https://git.netfilter.org/iptables/commit/iptables/xshared.c?id=2ae1099a42e6a0f0...
24
/ 100
low-risk
Severity 15/34 · Moderate
Exploitability 4/34 · Minimal
Exposure 5/34 · Minimal