CVE-2018-14645 — Out-of-bounds Read in Haproxy

CWE-125 — Out-of-bounds Read9 documents8 sources

Severity

7.5HIGHNVD

EPSS

0.2%

top 54.75%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Haproxy Canonical Ubuntu Linux Redhat Enterprise Linux +2 more

Timeline

PublishedSep 21

Latest updateMay 14

Description

A flaw was discovered in the HPACK decoder of HAProxy, before 1.8.14, that is used for HTTP/2. An out-of-bounds read access in hpack_valid_idx() resulted in a remote crash and denial of service.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages3 packages

▶Debianhaproxy/haproxy< 1.8.13-2+3

▶NVDhaproxy/haproxy1.8.14

▶NVDredhat/openshift3.10

Also affects: Ubuntu Linux 18.04, Enterprise Linux 7.0, 7.3, 7.4, 7.5, 7.6, Openshift Container Platform 3.9

🔴Vulnerability Details

GHSA

GHSA-gr9c-vx25-2fh5: A flaw was discovered in the HPACK decoder of HAProxy, before 1↗2022-05-14

▶

CVEList

CVE-2018-14645: A flaw was discovered in the HPACK decoder of HAProxy, before 1↗2018-09-21

▶

OSV

CVE-2018-14645: A flaw was discovered in the HPACK decoder of HAProxy, before 1↗2018-09-21

▶

📋Vendor Advisories

Ubuntu

HAProxy vulnerability↗2018-10-02

▶

Red Hat

haproxy: Out-of-bounds read in HPACK decoder↗2018-09-20

▶

Debian

CVE-2018-14645: haproxy - A flaw was discovered in the HPACK decoder of HAProxy, before 1.8.14, that is us...↗2018

▶

💬Community

Bugzilla

CVE-2018-14645 haproxy: Out-of-bounds read in HPACK decoder [fedora-all]↗2018-09-20

▶

Bugzilla

CVE-2018-14645 haproxy: Out-of-bounds read in HPACK decoder↗2018-09-17

▶