7.5

CVE-2018-20615

An out-of-bounds read issue was discovered in the HTTP/2 protocol decoder in HAProxy 1.8.x and 1.9.x through 1.9.0 which can result in a crash. The processing of the PRIORITY flag in a HEADERS frame requires 5 extra bytes, and while these bytes are skipped, the total frame length was not re-checked to make sure they were present in the frame.

Data is provided by the National Vulnerability Database (NVD)
HaproxyHaproxy Version >= 1.8.0 <= 1.8.19
HaproxyHaproxy Version1.9.0 Update-
HaproxyHaproxy Version1.9.0 Updatedev0
HaproxyHaproxy Version1.9.0 Updatedev1
HaproxyHaproxy Version1.9.0 Updatedev10
HaproxyHaproxy Version1.9.0 Updatedev11
HaproxyHaproxy Version1.9.0 Updatedev2
HaproxyHaproxy Version1.9.0 Updatedev3
HaproxyHaproxy Version1.9.0 Updatedev4
HaproxyHaproxy Version1.9.0 Updatedev5
HaproxyHaproxy Version1.9.0 Updatedev6
HaproxyHaproxy Version1.9.0 Updatedev7
HaproxyHaproxy Version1.9.0 Updatedev8
HaproxyHaproxy Version1.9.0 Updatedev9
OpensuseLeap Version15.0
CanonicalUbuntu Linux Version16.04 SwEditionlts
CanonicalUbuntu Linux Version18.04 SwEditionlts
CanonicalUbuntu Linux Version18.10
RedhatEnterprise Linux Version7.0
RedhatEnterprise Linux Version7.4
RedhatEnterprise Linux Version7.5
RedhatEnterprise Linux Version7.6
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.17% 0.392
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 7.5 3.9 3.6
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:N/A:P
CWE-125 Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

https://usn.ubuntu.com/3858-1/
Third Party Advisory
http://www.securityfocus.com/bid/106645
Third Party Advisory
VDB Entry