← Back

CVE-2018-14645

nvd nist
Published: Sep 21, 2018Modified: Nov 21, 2024

JSON object

Loading...
7.5
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 3.9 / Impact: 3.6
Source: NVD

Description

A flaw was discovered in the HPACK decoder of HAProxy, before 1.8.14, that is used for HTTP/2. An out-of-bounds read access in hpack_valid_idx() resulted in a remote crash and denial of service.

Affected (9)

Haproxy
1 product
Haproxy
Canonical
1 product
Ubuntu Linux
Redhat
3 products
Enterprise Linux
Openshift
Openshift Container Platform
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Haproxy
Up to 1.8.14
Configuration B
1 vulnerable
Vulnerable SoftwareAffected Versions
Ubuntu Linux
Version 18.04
Configuration C
7 vulnerable
Vulnerable SoftwareAffected Versions
Redhat
Enterprise Linux
Version 7.0
Enterprise Linux
Version 7.3
Enterprise Linux
Version 7.4
Enterprise Linux
Version 7.5
Enterprise Linux
Version 7.6
Openshift
Version 3.10
Openshift Container Platform
Version 3.9

Related CWEs

CWE-125
Out-of-bounds Read
The product reads data past the end, or before the beginning, of the intended buffer.

References (10)

Source: secalert@redhat.com
Source: secalert@redhat.com
Third Party Advisory
Source: secalert@redhat.com
Issue TrackingMitigationThird Party Advisory
Source: secalert@redhat.com
Third Party Advisory
Source: secalert@redhat.com
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Issue TrackingMitigationThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.