Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2018-20103

Опубликовано: 12 дек. 2018
Источник: redhat
CVSS3: 7.5
EPSS Низкий

Описание

An issue was discovered in dns.c in HAProxy through 1.8.14. In the case of a compressed pointer, a crafted packet can trigger infinite recursion by making the pointer point to itself, or create a long chain of valid pointers resulting in stack exhaustion.

Отчет

This issue did not affect the versions of haproxy as shipped with Red Hat Enterprise Linux 6 and 7.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 6haproxyNot affected
Red Hat Enterprise Linux 7haproxyNot affected
Red Hat Enterprise Linux 8haproxyNot affected
Red Hat OpenShift Container Platform 3.10haproxyAffected
Red Hat OpenShift Container Platform 3.7haproxyAffected
Red Hat OpenShift Container Platform 3.9haproxyAffected
Red Hat OpenShift Container Platform 3.11atomic-enterprise-service-catalogFixedRHBA-2019:032620.02.2019
Red Hat OpenShift Container Platform 3.11atomic-openshiftFixedRHBA-2019:032620.02.2019
Red Hat OpenShift Container Platform 3.11atomic-openshift-cluster-autoscalerFixedRHBA-2019:032620.02.2019
Red Hat OpenShift Container Platform 3.11atomic-openshift-deschedulerFixedRHBA-2019:032620.02.2019

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Important
Дефект:
CWE-400
https://bugzilla.redhat.com/show_bug.cgi?id=1658876haproxy: Infinite recursion via crafted packet allows stack exhaustion and denial of service

EPSS

Процентиль: 28%
0.001
Низкий

7.5 High

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2018-20103

CVSS3: 7.5
ubuntu
около 7 лет назад

An issue was discovered in dns.c in HAProxy through 1.8.14. In the case of a compressed pointer, a crafted packet can trigger infinite recursion by making the pointer point to itself, or create a long chain of valid pointers resulting in stack exhaustion.

nvd логотип

CVE-2018-20103

CVSS3: 7.5
nvd
около 7 лет назад

An issue was discovered in dns.c in HAProxy through 1.8.14. In the case of a compressed pointer, a crafted packet can trigger infinite recursion by making the pointer point to itself, or create a long chain of valid pointers resulting in stack exhaustion.

debian логотип

CVE-2018-20103

CVSS3: 7.5
debian
около 7 лет назад

An issue was discovered in dns.c in HAProxy through 1.8.14. In the cas ...

github логотип

GHSA-c9xx-94cr-x7xm

CVSS3: 7.5
github
больше 3 лет назад

An issue was discovered in dns.c in HAProxy through 1.8.14. In the case of a compressed pointer, a crafted packet can trigger infinite recursion by making the pointer point to itself, or create a long chain of valid pointers resulting in stack exhaustion.

fstec логотип

BDU:2020-03308

CVSS3: 5.3
fstec
около 7 лет назад

Уязвимость компонента dns.c сетевого программного обеспечения HAProxy, связанная с выполнением цикла с недоступным условием выхода, позволяющая нарушителю вызвать отказ в обслуживании

EPSS

Процентиль: 28%
0.001
Низкий

7.5 High

CVSS3