Published: 21/09/2018 Updated: 07/11/2023

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9

VMScore: 445

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

A flaw exists in the HPACK decoder of HAProxy, prior to 1.8.14, that is used for HTTP/2. An out-of-bounds read access in hpack_valid_idx() resulted in a remote crash and denial of service.

Vulnerable Product	Search on Vulmon	Subscribe to Product
haproxy haproxy
canonical ubuntu linux 18.04
redhat enterprise linux 7.4
redhat enterprise linux 7.0
redhat enterprise linux 7.3
redhat enterprise linux 7.5
redhat openshift container platform 3.9
redhat enterprise linux 7.6
redhat openshift 3.10

Synopsis Important: rh-haproxy18-haproxy security update Type/Severity Security Advisory: Important Topic An update for rh-haproxy18-haproxy is now available for Red Hat Software CollectionsRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scori ...

HAProxy could be made to crash if it received a specially crafted request ...

A flaw was discovered in the HPACK decoder of haproxy, before 1814, that is used for HTTP/2 An out-of-bounds read access in hpack_valid_idx() resulted in a remote crash and denial of service ...

CWE-125 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14645 https://usn.ubuntu.com/3780-1/https://access.redhat.com/errata/RHSA-2018:2882 https://access.redhat.com/errata/RHBA-2019:0028 https://www.mail-archive.com/haproxy%40formilux.org/msg31253.html https://access.redhat.com/errata/RHSA-2018:2882 https://usn.ubuntu.com/3780-1/https://nvd.nist.gov

CVE-2018-14645

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect