Logo
vulnerabilityCVE-2024-41184
Name
CVE-2024-41184
Source
NVD ( link)Debian ( link)
Description
In the vrrp_ipsets_handler handler (fglobal_parser.c) of keepalived through 2.3.1, an integer overflow can occur. NOTE: this CVE Record might not be worthwhile because an empty ipset name must be configured by the user.
CWEs
CWE-190
Published Date
Updated Date
Workaround
-
Advisories

Analysis#

Affected Component
Analysis
keepalived
Patched

Vulnerability Ratings#

9.8
CVSSv31
NaN
other

Others affected components#

Name
Project
Project Version
Version
Status
keepalived
buildroot
2025.02.x
2.2.8
Not Affected
keepalived
buildroot
master
2.2.8
Not Affected
keepalived
openwrt
master
2.3.3-r3
Not Affected
keepalived
openwrt
openwrt-25.12
2.3.3-r2
Not Affected
keepalived
yocto
kirkstone
2.2.2
Patched
keepalived
yocto
master
2.3.4
Not Affected

Resolved with patches#

keepalived (yocto:kirkstone)

#
Title
Author
Resolve
1
lib: don't return subtracted addresses for rb_find() compare
Quentin Armitage <quentin@armitage.org.uk>
CVE-2024-41184
2
vrrp: Handle empty ipset names with vrrp_ipsets keyword
Quentin Armitage <quentin@armitage.org.uk>
CVE-2024-41184
3
vrrp and ipvs: handle empty nftables chain names
Quentin Armitage <quentin@armitage.org.uk>
CVE-2024-41184
4
vrrp: handle empty iptables chain names - vrrp_iptables
Quentin Armitage <quentin@armitage.org.uk>
CVE-2024-41184

keepalived (yocto:scarthgap)

#
Title
Author
Resolve
1
lib: don't return subtracted addresses for rb_find() compare
Quentin Armitage <quentin@armitage.org.uk>
CVE-2024-41184
2
vrrp: Handle empty ipset names with vrrp_ipsets keyword
Quentin Armitage <quentin@armitage.org.uk>
CVE-2024-41184
3
vrrp and ipvs: handle empty nftables chain names
Quentin Armitage <quentin@armitage.org.uk>
CVE-2024-41184
4
vrrp: handle empty iptables chain names - vrrp_iptables
Quentin Armitage <quentin@armitage.org.uk>
CVE-2024-41184