{"id":"CVE-2018-19792","details":"The server in LiteSpeed OpenLiteSpeed before 1.5.0 RC6 allows local users to cause a denial of service (buffer overflow) or possibly have unspecified other impact by creating a symlink through which the openlitespeed program can be invoked with a long command name (involving ../ characters), which is mishandled in the LshttpdMain::getServerRootFromExecutablePath function.","modified":"2026-04-10T04:07:37.372597Z","published":"2018-12-03T06:29:00.460Z","references":[{"type":"EVIDENCE","url":"https://github.com/litespeedtech/openlitespeed/issues/117"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/litespeedtech/openlitespeed","events":[{"introduced":"0"},{"last_affected":"4c94f0da251caa002f65da873b9282fd91d7668a"},{"introduced":"0"},{"last_affected":"0d47738b6c129f556c67eba4358c061d062bba6e"},{"introduced":"0"},{"last_affected":"42ccfaab129506c80f989a2f239b99dd6bd75ef3"},{"introduced":"0"},{"last_affected":"2ea7eae744b93e9aaa5c297285fee332f2e89e3a"},{"introduced":"0"},{"last_affected":"7d8e3fa1735073f041bbd175053cc62dc5983548"},{"introduced":"0"},{"last_affected":"a71750f9a6d3ab3306b255ab4fc3a514adab6f2f"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"1.4.41"},{"introduced":"0"},{"last_affected":"1.5.0-rc1"},{"introduced":"0"},{"last_affected":"1.5.0-rc2"},{"introduced":"0"},{"last_affected":"1.5.0-rc3"},{"introduced":"0"},{"last_affected":"1.5.0-rc4"},{"introduced":"0"},{"last_affected":"1.5.0-rc5"}]}}],"versions":["v1.0.4","v1.3","v1.3.2","v1.4.0","v1.4.1","v1.4.10","v1.4.11","v1.4.12","v1.4.13","v1.4.14","v1.4.15","v1.4.16","v1.4.17","v1.4.18","v1.4.18.1","v1.4.19","v1.4.2","v1.4.20","v1.4.21","v1.4.22","v1.4.23","v1.4.24","v1.4.25","v1.4.26","v1.4.27","v1.4.28","v1.4.29","v1.4.3","v1.4.30","v1.4.31","v1.4.32","v1.4.33","v1.4.34","v1.4.35","v1.4.36","v1.4.37","v1.4.38","v1.4.39","v1.4.4","v1.4.40","v1.4.41","v1.4.5","v1.4.6","v1.4.7","v1.4.8","v1.5.0rc1","v1.5.0rc2","v1.5.0rc3","v1.5.0rc4","v1.5.0rc5"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-19792.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"}]}