Published: 12/12/2018 Updated: 07/11/2023

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9

VMScore: 445

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

An out-of-bounds read in dns_validate_dns_response in dns.c exists in HAProxy up to and including 1.8.14. Due to a missing check when validating DNS responses, remote attackers might be able read the 16 bytes corresponding to an AAAA record from the non-initialized part of the buffer, possibly accessing anything that was left on the stack, or even past the end of the 8193-byte buffer, depending on the value of accepted_payload_size.

Vulnerable Product	Search on Vulmon	Subscribe to Product
haproxy haproxy
canonical ubuntu linux 16.04
canonical ubuntu linux 18.04
canonical ubuntu linux 18.10
redhat openshift container platform 3.11

Synopsis Moderate: rh-haproxy18-haproxy security, bug fix, and enhancement update Type/Severity Security Advisory: Moderate Topic An update for rh-haproxy18-haproxy is now available for Red Hat Software CollectionsRed Hat Product Security has rated this update as having a security impact of Moderate A Com ...

Several security issues were fixed in HAProxy ...

Debian Bug report logs - #916308 haproxy: CVE-2018-20102 Package: src:haproxy; Maintainer for src:haproxy is Debian HAProxy Maintainers <haproxy@trackerdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Wed, 12 Dec 2018 21:00:02 UTC Severity: grave Tags: patch, security, upstream Found in vers ...

Debian Bug report logs - #916307 haproxy: CVE-2018-20103 Package: src:haproxy; Maintainer for src:haproxy is Debian HAProxy Maintainers <haproxy@trackerdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Wed, 12 Dec 2018 20:51:08 UTC Severity: important Tags: patch, security, upstream Found in ...

An out-of-bounds read in dns_validate_dns_response in dnsc was discovered in HAProxy through 1814 Due to a missing check when validating DNS responses, remote attackers might be able read the 16 bytes corresponding to an AAAA record from the non-initialized part of the buffer, possibly accessing anything that was left on the stack, or even past ...

A stack-based out-of-bounds read has been found in HAProxy before 1815, in the dns_validate_dns_response() function in dnsc, where it can be triggered by a crafted DNS packet ...

CWE-125 http://www.securityfocus.com/bid/106223 https://usn.ubuntu.com/3858-1/https://access.redhat.com/errata/RHBA-2019:0326 https://access.redhat.com/errata/RHBA-2019:0327 https://access.redhat.com/errata/RHSA-2019:1436 https://lists.debian.org/debian-lts-announce/2022/05/msg00045.html http://git.haproxy.org/?p=haproxy.git%3Ba=commit%3Bh=efbbdf72992cd20458259962346044cafd9331c0 https://access.redhat.com/errata/RHSA-2019:1436 https://usn.ubuntu.com/3858-1/https://nvd.nist.gov

CVE-2018-20102

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect