First published: Wed Dec 12 2018(Updated: )
An out-of-bounds read in dns_validate_dns_response in dns.c was discovered in HAProxy through 1.8.14. Due to a missing check when validating DNS responses, remote attackers might be able read the 16 bytes corresponding to an AAAA record from the non-initialized part of the buffer, possibly accessing anything that was left on the stack, or even past the end of the 8193-byte buffer, depending on the value of accepted_payload_size.
Credit: cve@mitre.org cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Haproxy Haproxy | <=1.8.14 | |
Canonical Ubuntu Linux | =16.04 | |
Canonical Ubuntu Linux | =18.04 | |
Canonical Ubuntu Linux | =18.10 | |
Redhat Openshift Container Platform | =3.11 | |
redhat/haproxy | <1.8.15 | 1.8.15 |
ubuntu/haproxy | <1.8.8-1ubuntu0.3 | 1.8.8-1ubuntu0.3 |
ubuntu/haproxy | <1.8.13-2ubuntu0.1 | 1.8.13-2ubuntu0.1 |
ubuntu/haproxy | <1.8.15-1 | 1.8.15-1 |
ubuntu/haproxy | <1.6.3-1ubuntu0.2 | 1.6.3-1ubuntu0.2 |
debian/haproxy | 2.2.9-2+deb11u6 2.6.12-1+deb12u1 2.9.9-1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2018-20102 is an out-of-bounds read vulnerability discovered in HAProxy through version 1.8.14.
CVE-2018-20102 has a severity score of 7.5, which is considered high.
The affected software includes HAProxy versions 1.8.14 to 1.8.19, 2.2.9, 2.6.12, and 2.6.15.
To fix CVE-2018-20102, update HAProxy to version 1.8.19-1+deb10u3, 1.8.19-1+deb10u4, 2.2.9-2+deb11u5, 2.6.12-1, or 2.6.15-1.
You can find more information about CVE-2018-20102 in the references provided: http://git.haproxy.org/?p=haproxy.git;a=commit;h=efbbdf72992cd20458259962346044cafd9331c0, http://www.securityfocus.com/bid/106223, https://access.redhat.com/errata/RHBA-2019:0326