{"id":"CVE-2018-19045","details":"keepalived 2.0.8 used mode 0666 when creating new temporary files upon a call to PrintData or PrintStats, potentially leaking sensitive information.","modified":"2026-03-15T22:19:56.638447Z","published":"2018-11-08T20:29:00.400Z","related":["MGASA-2018-0494","SUSE-SU-2020:0779-1","openSUSE-SU-2024:10893-1"],"references":[{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/201903-01"},{"type":"REPORT","url":"https://bugzilla.suse.com/show_bug.cgi?id=1015141"},{"type":"FIX","url":"https://github.com/acassen/keepalived/issues/1048"},{"type":"FIX","url":"https://github.com/acassen/keepalived/commit/5241e4d7b177d0b6f073cfc9ed5444bf51ec89d6"},{"type":"FIX","url":"https://github.com/acassen/keepalived/commit/c6247a9ef2c7b33244ab1d3aa5d629ec49f0a067"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/acassen/keepalived","events":[{"introduced":"0"},{"last_affected":"dc3ed1e1e19f02f91edebe4dd1a5f6ec9daf0545"},{"fixed":"5241e4d7b177d0b6f073cfc9ed5444bf51ec89d6"},{"fixed":"c6247a9ef2c7b33244ab1d3aa5d629ec49f0a067"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"2.0.8"}]}}],"versions":["1.3.1","v0.2.1","v0.2.3","v0.2.6","v0.2.7","v0.3.5","v0.3.6","v0.3.7","v0.3.8","v0.4.0","v0.4.1","v0.4.8","v0.4.9","v0.4.9a","v0.5.3","v0.5.5","v0.5.6","v0.5.7","v0.5.8","v0.5.9","v0.6.1","v0.6.10","v0.6.2","v0.6.3","v0.6.4","v0.6.6","v0.6.8","v0.6.9","v0.7.1","v0.7.6","v1.0.0","v1.0.1","v1.0.2","v1.0.3","v1.1.0","v1.1.1","v1.1.10","v1.1.11","v1.1.12","v1.1.13","v1.1.14","v1.1.15","v1.1.16","v1.1.17","v1.1.18","v1.1.19","v1.1.2","v1.1.3","v1.1.4","v1.1.5","v1.1.6","v1.1.7","v1.1.8","v1.1.9","v1.2.1","v1.2.10","v1.2.11","v1.2.12","v1.2.13","v1.2.14","v1.2.15","v1.2.16","v1.2.17","v1.2.18","v1.2.19","v1.2.2","v1.2.20","v1.2.21","v1.2.22","v1.2.23","v1.2.24","v1.2.3","v1.2.4","v1.2.5","v1.2.6","v1.2.7","v1.2.8","v1.2.9","v1.3.0","v1.3.2","v1.3.3","v1.3.4","v1.3.5","v1.3.6","v1.3.7","v1.3.8","v1.3.9","v1.4.0","v1.4.1","v1.4.2","v1.4.3","v1.4.4","v1.4.5","v2.0.0","v2.0.1","v2.0.2","v2.0.3","v2.0.4","v2.0.5","v2.0.6","v2.0.7","v2.0.8"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-19045.json","vanir_signatures":[{"target":{"file":"keepalived/core/main.c","function":"keepalived_main"},"digest":{"length":6808,"function_hash":"60477812192732439740516237796944835997"},"source":"https://github.com/acassen/keepalived/commit/c6247a9ef2c7b33244ab1d3aa5d629ec49f0a067","id":"CVE-2018-19045-48f3fca4","signature_type":"Function","deprecated":false,"signature_version":"v1"},{"target":{"file":"keepalived/core/global_parser.c"},"digest":{"threshold":0.9,"line_hashes":["89475281224429177671741118572197895203","141945543267540484252221464271830210627","28492755883219318516137475546377272865","311529301410245229763942551666729578845","322861366766076202819845852002123082161","170982395042636036182516454298688762509","3554810321911829373602647490293231115","210041612259406780417780878290612835682","212131085408833042944605381744396300326"]},"source":"https://github.com/acassen/keepalived/commit/c6247a9ef2c7b33244ab1d3aa5d629ec49f0a067","id":"CVE-2018-19045-63a1da3e","signature_type":"Line","deprecated":false,"signature_version":"v1"},{"target":{"file":"keepalived/core/main.c"},"digest":{"threshold":0.9,"line_hashes":["122246403363602856218140696631649999777","261817189880649701437811532212085169022","109042160624647117163026329908142481026","34864197991096667696188941826688822734","41185989976096070873219517513467631034","279202142582429280557072832445558142428","169841172998122692370049434385533573510","271345767433871327967417085443529596116","23630686564716392967255023458343910200","183627434301962833008753632654790815066","330112055593031457786399392759835511650","154228111271388678773931958665145966976","286709704614801790751589198939483465898","307857833223423337179225113237005202042","270544067154960670753753007438310170489","189107002617790146991357647089629744360","270990646696309879519928106288885168081","214071654134279382709967690301370863814","183858561382764012579551599858593637910","12761806643551718106126236527133600873","319171447280061693091912665107618295057","20472268543458720451132726661463625447","116568246487073662073959558652060982535","121101664942403370004635759365195985905","298071544371825695470861821083989222213","206611610124293567291229596081846429625","13684618404874196461213271603992019224","24451081388059328782217525034676413247","313981868738148857234696174919524227817","313830957163357751325927775668952239580","229363600428019704125935520932715133221","21607055351266884924145880680805407577","184420280954040414869843084137526302041","247885465098904893329082277884858365317","222687966320278014537904929821532837038","37189981295852490816554151566130433729","224360657772925766751852100705672602927","109435608149983104920134832156797613023","23222382399200900205534702548810722651","226350641778331213748279523165722713467","43003450584514283016579238063997127034"]},"source":"https://github.com/acassen/keepalived/commit/c6247a9ef2c7b33244ab1d3aa5d629ec49f0a067","id":"CVE-2018-19045-790cd4f1","signature_type":"Line","deprecated":false,"signature_version":"v1"},{"target":{"file":"keepalived/core/global_data.c","function":"dump_global_data"},"digest":{"length":11405,"function_hash":"253189801050755831469685046817631964963"},"source":"https://github.com/acassen/keepalived/commit/c6247a9ef2c7b33244ab1d3aa5d629ec49f0a067","id":"CVE-2018-19045-a350a0a5","signature_type":"Function","deprecated":false,"signature_version":"v1"},{"target":{"file":"keepalived/include/global_data.h"},"digest":{"threshold":0.9,"line_hashes":["115993456534699753105835372719280520515","215383066668614989919288220004578046985","161057594907425301382494101764736548636","244708351257279300474207984398961984547"]},"source":"https://github.com/acassen/keepalived/commit/c6247a9ef2c7b33244ab1d3aa5d629ec49f0a067","id":"CVE-2018-19045-ad3ee6f7","signature_type":"Line","deprecated":false,"signature_version":"v1"},{"target":{"file":"keepalived/core/main.c","function":"parse_cmdline"},"digest":{"length":8169,"function_hash":"310387808491883105455550325169921927762"},"source":"https://github.com/acassen/keepalived/commit/c6247a9ef2c7b33244ab1d3aa5d629ec49f0a067","id":"CVE-2018-19045-b18659ea","signature_type":"Function","deprecated":false,"signature_version":"v1"},{"target":{"file":"keepalived/include/main.h"},"digest":{"threshold":0.9,"line_hashes":["337653497298110666580202985004429089358","170704596997147332243057019706677328605"]},"source":"https://github.com/acassen/keepalived/commit/c6247a9ef2c7b33244ab1d3aa5d629ec49f0a067","id":"CVE-2018-19045-b3d80d98","signature_type":"Line","deprecated":false,"signature_version":"v1"},{"target":{"file":"keepalived/core/main.c","function":"usage"},"digest":{"length":5374,"function_hash":"77971988854969989463001220473955821334"},"source":"https://github.com/acassen/keepalived/commit/c6247a9ef2c7b33244ab1d3aa5d629ec49f0a067","id":"CVE-2018-19045-c47a62cc","signature_type":"Function","deprecated":false,"signature_version":"v1"},{"target":{"file":"keepalived/core/global_parser.c","function":"init_global_keywords"},"digest":{"length":6202,"function_hash":"101785376052936907033871900403712001948"},"source":"https://github.com/acassen/keepalived/commit/c6247a9ef2c7b33244ab1d3aa5d629ec49f0a067","id":"CVE-2018-19045-d558c765","signature_type":"Function","deprecated":false,"signature_version":"v1"},{"target":{"file":"keepalived/core/global_data.c"},"digest":{"threshold":0.9,"line_hashes":["30660773896102251192845796366333662861","31907802267868088606451189360931956773","292768228736455442841686553396999304156"]},"source":"https://github.com/acassen/keepalived/commit/c6247a9ef2c7b33244ab1d3aa5d629ec49f0a067","id":"CVE-2018-19045-fcad905e","signature_type":"Line","deprecated":false,"signature_version":"v1"}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}]}