#VU17107 Out-of-bounds read in HAProxy - CVE-2018-20615

Cybersecurity Help s.r.o.

Published: 2019-01-22

Vulnerability identifier: #VU17107

Vulnerability risk: Medium

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2018-20615

CWE-ID: CWE-125

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
HAProxy
Server applications / IDS/IPS systems, Firewalls and proxy servers

Vendor: HAProxy

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to incorrect frame length validation when processing headers with priority flags set. A remote attacker can send a specially crafted HTTP/2 request, trigger our-of-bounds read and crash the affected application.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

HAProxy: 1.8.0 - 1.8.16

External links
https://www.mail-archive.com/haproxy@formilux.org/msg32304.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Red Hat update for OpenShift Container Platform 3.10 haproxy

Red Hat update for OpenShift Container Platform 3.9 haproxy

OpenSUSE Linux update for haproxy

Red Hat Software Collections update for rh-haproxy18-haproxy

Denial of service in HAProxy

Ubuntu update for HAProxy