CVE-2018-20615

Published: 21 Mar 2019
Source: nvd
CVSS3: 7.5
CVSS2: 5
EPSS: Low

Description

An out-of-bounds read issue was discovered in the HTTP/2 protocol decoder in HAProxy 1.8.x and 1.9.x through 1.9.0 which can result in a crash. The processing of the PRIORITY flag in a HEADERS frame requires 5 extra bytes, and while these bytes are skipped, the total frame length was not re-checked to make sure they were present in the frame.
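
The length re-check described above, as an added example that is not HAProxy's code: a minimal C routine that locates the header block fragment in an HTTP/2 HEADERS payload (RFC 7540 section 6.2) and rejects frames too short for the fields their flags announce. The function name, flag macros and sample bytes are assumptions made for this illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define H2_F_PADDED   0x08  /* HEADERS flags, RFC 7540 section 6.2 */
#define H2_F_PRIORITY 0x20

/* Hypothetical helper: find the header block fragment inside a HEADERS
 * frame payload of declared length flen. Returns 0 and sets *off / *len
 * on success, -1 if flen cannot hold the fields the flags announce. */
int h2_headers_fragment(const uint8_t *payload, size_t flen, uint8_t flags,
                        size_t *off, size_t *len)
{
    size_t pos = 0, rem = flen;

    if (flags & H2_F_PADDED) {
        if (rem < 1)
            return -1;              /* no room for the Pad Length byte */
        size_t pad = payload[pos++];
        rem--;
        if (pad > rem)
            return -1;              /* padding exceeds the payload */
        rem -= pad;                 /* trailing padding is not fragment */
    }
    if (flags & H2_F_PRIORITY) {
        /* The check the description says was missing: the 5 bytes
         * (4-byte stream dependency + 1-byte weight) must be present
         * in the frame before they are skipped. */
        if (rem < 5)
            return -1;
        pos += 5;
        rem -= 5;
    }
    *off = pos;
    *len = rem;
    return 0;
}

int main(void)
{
    /* Constructed sample: PRIORITY flag set, only 3 payload bytes. */
    const uint8_t short_frame[3] = {0};
    size_t off = 0, len = 0;
    int rc = h2_headers_fragment(short_frame, sizeof short_frame,
                                 H2_F_PRIORITY, &off, &len);
    printf("short PRIORITY frame: %s\n", rc ? "rejected" : "accepted");
    return 0;
}
```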

Vulnerable configurations

Configuration 1

One of

cpe:2.3:a:haproxy:haproxy:*:*:*:*:*:*:*:*
Versions from 1.8.0 (inclusive) to 1.8.19 (inclusive)
cpe:2.3:a:haproxy:haproxy:1.9.0:-:*:*:*:*:*:*
cpe:2.3:a:haproxy:haproxy:1.9.0:dev0:*:*:*:*:*:*
cpe:2.3:a:haproxy:haproxy:1.9.0:dev1:*:*:*:*:*:*
cpe:2.3:a:haproxy:haproxy:1.9.0:dev10:*:*:*:*:*:*
cpe:2.3:a:haproxy:haproxy:1.9.0:dev11:*:*:*:*:*:*
cpe:2.3:a:haproxy:haproxy:1.9.0:dev2:*:*:*:*:*:*
cpe:2.3:a:haproxy:haproxy:1.9.0:dev3:*:*:*:*:*:*
cpe:2.3:a:haproxy:haproxy:1.9.0:dev4:*:*:*:*:*:*
cpe:2.3:a:haproxy:haproxy:1.9.0:dev5:*:*:*:*:*:*
cpe:2.3:a:haproxy:haproxy:1.9.0:dev6:*:*:*:*:*:*
cpe:2.3:a:haproxy:haproxy:1.9.0:dev7:*:*:*:*:*:*
cpe:2.3:a:haproxy:haproxy:1.9.0:dev8:*:*:*:*:*:*
cpe:2.3:a:haproxy:haproxy:1.9.0:dev9:*:*:*:*:*:*
Configuration 2
cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*
Configuration 3

One of

cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*
Configuration 4

One of

cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:7.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:7.5:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:7.6:*:*:*:*:*:*:*

EPSS

Percentile: 39%
0.00172
Low

7.5 High

CVSS3

5 Medium

CVSS2

Weaknesses

CWE-125

Related vulnerabilities

CVSS3: 7.5
ubuntu
almost 7 years ago

An out-of-bounds read issue was discovered in the HTTP/2 protocol decoder in HAProxy 1.8.x and 1.9.x through 1.9.0 which can result in a crash. The processing of the PRIORITY flag in a HEADERS frame requires 5 extra bytes, and while these bytes are skipped, the total frame length was not re-checked to make sure they were present in the frame.

CVSS3: 7.5
redhat
about 7 years ago

An out-of-bounds read issue was discovered in the HTTP/2 protocol decoder in HAProxy 1.8.x and 1.9.x through 1.9.0 which can result in a crash. The processing of the PRIORITY flag in a HEADERS frame requires 5 extra bytes, and while these bytes are skipped, the total frame length was not re-checked to make sure they were present in the frame.

CVSS3: 7.5
debian
almost 7 years ago

An out-of-bounds read issue was discovered in the HTTP/2 protocol deco ...

suse-cvrf
almost 7 years ago

Security update for haproxy

suse-cvrf
about 7 years ago

Security update for haproxy
