{ "affected": [ { "ranges": [ { "database_specific": { "versions": [ { "introduced": "0" }, { "last_affected": "1.4.41" }, { "introduced": "0" }, { "last_affected": "1.5.0-rc1" }, { "introduced": "0" }, { "last_affected": "1.5.0-rc2" }, { "introduced": "0" }, { "last_affected": "1.5.0-rc3" }, { "introduced": "0" }, { "last_affected": "1.5.0-rc4" }, { "introduced": "0" }, { "last_affected": "1.5.0-rc5" } ] }, "events": [ { "introduced": "0" }, { "last_affected": "4c94f0da251caa002f65da873b9282fd91d7668a" }, { "introduced": "0" }, { "last_affected": "0d47738b6c129f556c67eba4358c061d062bba6e" }, { "introduced": "0" }, { "last_affected": "42ccfaab129506c80f989a2f239b99dd6bd75ef3" }, { "introduced": "0" }, { "last_affected": "2ea7eae744b93e9aaa5c297285fee332f2e89e3a" }, { "introduced": "0" }, { "last_affected": "7d8e3fa1735073f041bbd175053cc62dc5983548" }, { "introduced": "0" }, { "last_affected": "a71750f9a6d3ab3306b255ab4fc3a514adab6f2f" } ], "repo": "https://github.com/litespeedtech/openlitespeed", "type": "GIT" } ] } ], "details": "The server in LiteSpeed OpenLiteSpeed before 1.5.0 RC6 allows local users to cause a denial of service (buffer overflow) or possibly have unspecified other impact by creating a symlink through which the openlitespeed program can be invoked with a long command name (involving ../ characters), which is mishandled in the LshttpdMain::getServerRootFromExecutablePath function.", "id": "CVE-2018-19792", "modified": "2026-03-13T21:49:26.067176175Z", "published": "2018-12-03T06:29:00.460Z", "references": [ { "type": "EVIDENCE", "url": "https://github.com/litespeedtech/openlitespeed/issues/117" } ], "severity": [ { "score": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "type": "CVSS_V3" } ] }