CVSS: 8.6EPSS: 5%CPEs: 5EXPL: 0CVE-2018-10184 – haproxy: Heap buffer overflow in mux_h2.c:h2_process_demux() can allow attackers to cause a denial of service
https://notcve.org/view.php?id=CVE-2018-10184
An issue was discovered in HAProxy before 1.8.8. The incoming H2 frame length was checked against the max_frame_size setting instead of being checked against the bufsize. The max_frame_size only applies to outgoing traffic and not to incoming, so if a large enough frame size is advertised in the SETTINGS frame, a wrapped frame will be defragmented into a temporary allocated buffer where the second fragment may overflow the heap by up to 16 kB. It is very unlikely that this can be exploited for code execution given that buffers are very short lived and their addresses not realistically predictable in production, but the likelihood of an immediate crash is absolutely certain. Se ha descubierto un problema en versiones anteriores a la 1.8.8 de HAProxy. • http://git.haproxy.org/?p=haproxy-1.8.git%3Ba=commit%3Bh=cd117685f0cff4f2f5577ef6a21eaae96ebd9f28 http://git.haproxy.org/?p=haproxy.git%3Ba=commit%3Bh=3f0e1ec70173593f4c2b3681b26c04a4ed5fc588 https://access.redhat.com/errata/RHSA-2018:1372 https://access.redhat.com/security/cve/CVE-2018-10184 https://bugzilla.redhat.com/show_bug.cgi?id=1569297 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •
CVSS: 5.0EPSS: 4%CPEs: 51EXPL: 0CVE-2013-2175 – haproxy: http_get_hdr()/get_ip_from_hdr2() MAX_HDR_HISTORY handling denial of service
https://notcve.org/view.php?id=CVE-2013-2175
HAProxy 1.4 before 1.4.24 and 1.5 before 1.5-dev19, when configured to use hdr_ip or other "hdr_*" functions with a negative occurrence count, allows remote attackers to cause a denial of service (negative array index usage and crash) via an HTTP header with a certain number of values, related to the MAX_HDR_HISTORY variable. HAProxy 1.4 anteiror a 1.4.24 y 1.5 anteiror a 1.5-dev19, cuando es configurado para usar el hdr_ip u otras funciones "hdr_*" con una cuenta de ocurrencia negativa, permite a atacantes remotos provocar una denegación de servicio (uso de indexación negativa de array y caída) a través de una cabecera HTTP con un número determinado de valores. Relacionado con la variable MAX_HDR_HISTORY. • http://marc.info/?l=haproxy&m=137147915029705&w=2 http://rhn.redhat.com/errata/RHSA-2013-1120.html http://rhn.redhat.com/errata/RHSA-2013-1204.html http://secunia.com/advisories/54344 http://www.debian.org/security/2013/dsa-2711 http://www.ubuntu.com/usn/USN-1889-1 https://bugzilla.redhat.com/show_bug.cgi?id=974259 https://access.redhat.com/security/cve/CVE-2013-2175 • CWE-20: Improper Input Validation CWE-284: Improper Access Control •
CVSS: 5.1EPSS: 9%CPEs: 5EXPL: 0CVE-2013-1912 – haproxy: rewrite rules flaw can lead to arbitrary code execution
https://notcve.org/view.php?id=CVE-2013-1912
Buffer overflow in HAProxy 1.4 through 1.4.22 and 1.5-dev through 1.5-dev17, when HTTP keep-alive is enabled, using HTTP keywords in TCP inspection rules, and running with rewrite rules that appends to requests, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted pipelined HTTP requests that prevent request realignment from occurring. Desbordamiento de búfer en HAProxy v1.4 y v1.5 mediante v1.5-dev17 través de 1.5-dev17 al mantenimiento de conexión está habilitado, mediante palabras clave HTTP en las reglas de inspección de TCP, y corriendo con las reglas con reescritura, que se anexan a las solicitudes, permite a atacantes remotos provocar una denegación de servicio (caída) y posiblemente ejecutar código arbitrario a través de peticiones pipeline HTTP diseñadas a medida que se produzca la realineación. • http://lists.fedoraproject.org/pipermail/package-announce/2013-April/103730.html http://lists.fedoraproject.org/pipermail/package-announce/2013-April/103770.html http://lists.fedoraproject.org/pipermail/package-announce/2013-April/103794.html http://rhn.redhat.com/errata/RHSA-2013-0729.html http://rhn.redhat.com/errata/RHSA-2013-0868.html http://secunia.com/advisories/52725 http://www.debian.org/security/2013/dsa-2711 http://www.openwall.com/lists/oss-security/2013/04/03/1 http:/ • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.1EPSS: 10%CPEs: 1EXPL: 0CVE-2012-2942
https://notcve.org/view.php?id=CVE-2012-2942
Buffer overflow in the trash buffer in the header capture functionality in HAProxy before 1.4.21, when global.tune.bufsize is set to a value greater than the default and header rewriting is enabled, allows remote attackers to cause a denial of service and possibly execute arbitrary code via unspecified vectors. Desbordamiento de búfer en el trash buffer en la funcionalidad de captura de cabecera en HAProxy antes v1.4.21, cuando global.tune.bufsize se establece en un valor mayor que el valor predeterminado y la reescritura de cabecera está activada, permite a atacantes remotos provocar una denegación de servicio y, posiblemente, ejecutar código arbitrario a través de vectores no especificados. • http://haproxy.1wt.eu/#news http://haproxy.1wt.eu/download/1.4/src/CHANGELOG http://haproxy.1wt.eu/git?p=haproxy-1.4.git%3Ba=commit%3Bh=30297cb17147a8d339eb160226bcc08c91d9530b http://secunia.com/advisories/49261 http://security.gentoo.org/glsa/glsa-201301-02.xml http://www.debian.org/security/2013/dsa-2711 http://www.openwall.com/lists/oss-security/2012/05/23/12 http://www.openwall.com/lists/oss-security/2012/05/23/15 http://www.openwall.com/lists/oss-security&# • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •