CVE-2018-20615
21.03.2019, 16:00
An out-of-bounds read issue was discovered in the HTTP/2 protocol decoder in HAProxy 1.8.x and 1.9.x through 1.9.0 which can result in a crash. The processing of the PRIORITY flag in a HEADERS frame requires 5 extra bytes, and while these bytes are skipped, the total frame length was not re-checked to make sure they were present in the frame.Enginsight
| Vendor | Product | Version |
|---|---|---|
| haproxy | haproxy | 1.8.0 ≤ 𝑥 ≤ 1.8.19 |
| haproxy | haproxy | 1.9.0 |
| haproxy | haproxy | 1.9.0:dev0 |
| haproxy | haproxy | 1.9.0:dev1 |
| haproxy | haproxy | 1.9.0:dev10 |
| haproxy | haproxy | 1.9.0:dev11 |
| haproxy | haproxy | 1.9.0:dev2 |
| haproxy | haproxy | 1.9.0:dev3 |
| haproxy | haproxy | 1.9.0:dev4 |
| haproxy | haproxy | 1.9.0:dev5 |
| haproxy | haproxy | 1.9.0:dev6 |
| haproxy | haproxy | 1.9.0:dev7 |
| haproxy | haproxy | 1.9.0:dev8 |
| haproxy | haproxy | 1.9.0:dev9 |
| opensuse | leap | 15.0 |
| canonical | ubuntu_linux | 16.04 |
| canonical | ubuntu_linux | 18.04 |
| canonical | ubuntu_linux | 18.10 |
| redhat | openshift_container_platform | 3.11 |
| redhat | enterprise_linux | 7.0 |
| redhat | enterprise_linux | 7.4 |
| redhat | enterprise_linux | 7.5 |
| redhat | enterprise_linux | 7.6 |
𝑥
= Vulnerable software versions
Debian Releases
Ubuntu Releases
Common Weakness Enumeration
References