CVE-2019-14241
https://notcve.org/view.php?id=CVE-2019-14241
HAProxy through 2.0.2 allows attackers to cause a denial of service (ha_panic) via vectors related to htx_manage_client_side_cookies in proto_htx.c.
References:
• http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00060.html
• http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00062.html
• http://www.securityfocus.com/bid/109352
• https://github.com/haproxy/haproxy/issues/181
CWE:
• CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2019-11323
https://notcve.org/view.php?id=CVE-2019-11323
HAProxy before 1.9.7 mishandles a reload with rotated keys, which triggers use of uninitialized, and very predictable, HMAC keys. This is related to an include/types/ssl_sock.h error.
References:
• http://git.haproxy.org/?p=haproxy.git%3Ba=commit%3Bh=8ef706502aa2000531d36e4ac56dbdc7c30f718d
• https://www.mail-archive.com/haproxy%40formilux.org/msg33410.html
CWE:
• CWE-327: Use of a Broken or Risky Cryptographic Algorithm
• CWE-908: Use of Uninitialized Resource
CVE-2018-20615 – haproxy: Mishandling of priority flag in short HEADERS frame by HTTP/2 decoder allows for crash
https://notcve.org/view.php?id=CVE-2018-20615
An out-of-bounds read issue was discovered in the HTTP/2 protocol decoder in HAProxy 1.8.x and 1.9.x through 1.9.0 which can result in a crash. The processing of the PRIORITY flag in a HEADERS frame requires 5 extra bytes, and while these bytes are skipped, the total frame length was not re-checked to make sure they were present in the frame. A flaw was found in HAProxy, versions before 1.8.17 and 1.9.1.
References:
• http://lists.opensuse.org/opensuse-security-announce/2019-02/msg00018.html
• http://www.securityfocus.com/bid/106645
• https://access.redhat.com/errata/RHBA-2019:0327
• https://access.redhat.com/errata/RHSA-2019:0275
• https://usn.ubuntu.com/3858-1
• https://www.mail-archive.com/haproxy%40formilux.org/msg32304.html
• https://access.redhat.com/security/cve/CVE-2018-20615
• https://bugzilla.redhat.com/show_bug.cgi?id=1663060
CWE:
• CWE-125: Out-of-bounds Read
CVE-2018-20102 – haproxy: Out-of-bounds read in dns.c:dns_validate_dns_response() allows for memory disclosure
https://notcve.org/view.php?id=CVE-2018-20102
An out-of-bounds read in dns_validate_dns_response in dns.c was discovered in HAProxy through 1.8.14. Due to a missing check when validating DNS responses, remote attackers might be able to read the 16 bytes corresponding to an AAAA record from the non-initialized part of the buffer, possibly accessing anything that was left on the stack, or even past the end of the 8193-byte buffer, depending on the value of accepted_payload_size.
References:
• http://git.haproxy.org/?p=haproxy.git%3Ba=commit%3Bh=efbbdf72992cd20458259962346044cafd9331c0
• http://www.securityfocus.com/bid/106223
• https://access.redhat.com/errata/RHBA-2019:0326
• https://access.redhat.com/errata/RHBA-2019:0327
• https://access.redhat.com/errata/RHSA-2019:1436
• https://lists.debian.org/debian-lts-announce/2022/05/msg00045.html
• https://usn.ubuntu.com/3858-1
• https://access.redhat.com/security/cve/CVE-2018-20102
• https://bugzilla.redhat.com/show_bug.cgi?id=1658874
CWE:
• CWE-125: Out-of-bounds Read
CVE-2018-20103 – haproxy: Infinite recursion via crafted packet allows stack exhaustion and denial of service
https://notcve.org/view.php?id=CVE-2018-20103
An issue was discovered in dns.c in HAProxy through 1.8.14. In the case of a compressed pointer, a crafted packet can trigger infinite recursion by making the pointer point to itself, or create a long chain of valid pointers resulting in stack exhaustion.
References:
• http://git.haproxy.org/?p=haproxy.git%3Ba=commit%3Bh=58df5aea0a0c926b2238f65908f5e9f83d1cca25
• http://www.securityfocus.com/bid/106280
• https://access.redhat.com/errata/RHBA-2019:0326
• https://access.redhat.com/errata/RHBA-2019:0327
• https://access.redhat.com/errata/RHSA-2019:1436
• https://lists.debian.org/debian-lts-announce/2022/05/msg00045.html
• https://usn.ubuntu.com/3858-1
• https://access.redhat.com/security/cve/CVE-2018-20103
• https://bugzilla.redhat.com/show_bug.cgi?id=1658876
CWE:
• CWE-400: Uncontrolled Resource Consumption
• CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop')