ALASHAPROXY2-2023-002

Related Vulnerabilities: CVE-2018-20102   CVE-2023-0836  


Amazon Linux 2 Security Advisory: ALASHAPROXY2-2023-002
Advisory Release Date: 2023-08-04 20:34 Pacific
Advisory Updated Date: 2023-09-25 22:11 Pacific
Severity: Important

Issue Overview:

An out-of-bounds read in dns_validate_dns_response in dns.c was discovered in HAProxy through 1.8.14. Due to a missing check when validating DNS responses, remote attackers might be able to read the 16 bytes corresponding to an AAAA record from the non-initialized part of the buffer, possibly accessing anything that was left on the stack, or even past the end of the 8193-byte buffer, depending on the value of accepted_payload_size. (CVE-2018-20102)

The upstream bug report describes this issue as follows:

An information leak vulnerability was discovered in HAProxy 2.1, 2.2 before 2.2.27, 2.3, 2.4 before 2.4.21, 2.5 before 2.5.11, 2.6 before 2.6.8, 2.7 before 2.7.1. There are 5 bytes left uninitialized in the connection buffer when encoding the FCGI_BEGIN_REQUEST record. Sensitive data may be disclosed to configured FastCGI backends in an unexpected way. (CVE-2023-0836)
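
The bug class behind CVE-2023-0836, as an added example that is not HAProxy's code and not part of the original advisory: an FCGI_BEGIN_REQUEST encoder that skips five bytes of a reused buffer, next to a version that zeroes them. It assumes the five bytes are the body's reserved field as laid out in the FastCGI specification; the function names are hypothetical and the stale buffer content is constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Values from the FastCGI specification; function names are hypothetical. */
enum { FCGI_VERSION_1 = 1, FCGI_BEGIN_REQUEST = 1, FCGI_RESPONDER = 1,
       HDR_LEN = 8, BODY_LEN = 8 };

/* Header: version, type, request id, content length, padding, reserved. */
static void put_header(uint8_t *out, uint16_t req_id) {
    const uint8_t h[HDR_LEN] = { FCGI_VERSION_1, FCGI_BEGIN_REQUEST,
        (uint8_t)(req_id >> 8), (uint8_t)req_id, 0, BODY_LEN, 0, 0 };
    memcpy(out, h, HDR_LEN);
}

/* Defective pattern: role and flags written, the 5 reserved bytes skipped. */
size_t encode_begin_leaky(uint8_t *out, uint16_t req_id, uint16_t role, uint8_t flags) {
    put_header(out, req_id);
    out[8] = (uint8_t)(role >> 8);
    out[9] = (uint8_t)(role & 0xff);
    out[10] = flags;
    return HDR_LEN + BODY_LEN;   /* all 16 bytes are sent to the backend */
}

/* Corrected pattern: same encoding, reserved bytes explicitly zeroed. */
size_t encode_begin_fixed(uint8_t *out, uint16_t req_id, uint16_t role, uint8_t flags) {
    size_t n = encode_begin_leaky(out, req_id, role, flags);
    memset(out + 11, 0, 5);
    return n;
}

/* Number of non-zero bytes in the reserved field of an encoded record. */
size_t reserved_residue(const uint8_t *rec) {
    size_t n = 0;
    for (size_t i = 11; i < 16; i++)
        n += rec[i] != 0;
    return n;
}

int main(void) {
    uint8_t buf[16];
    memset(buf, 'S', sizeof buf);   /* constructed stand-in for stale data */
    encode_begin_leaky(buf, 1, FCGI_RESPONDER, 0);
    printf("leaky: %zu stale bytes in record\n", reserved_residue(buf));
    memset(buf, 'S', sizeof buf);
    encode_begin_fixed(buf, 1, FCGI_RESPONDER, 0);
    printf("fixed: %zu stale bytes in record\n", reserved_residue(buf));
    return 0;
}
```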


Affected Packages:

haproxy2


Issue Correction:
Run yum update haproxy2 to update your system.

New Packages:
aarch64:
    haproxy2-2.2.17-1.amzn2.0.6.aarch64
    haproxy2-debuginfo-2.2.17-1.amzn2.0.6.aarch64

i686:
    haproxy2-2.2.17-1.amzn2.0.6.i686
    haproxy2-debuginfo-2.2.17-1.amzn2.0.6.i686

src:
    haproxy2-2.2.17-1.amzn2.0.6.src

x86_64:
    haproxy2-2.2.17-1.amzn2.0.6.x86_64
    haproxy2-debuginfo-2.2.17-1.amzn2.0.6.x86_64