CVE-2018-20102
haproxy: Out-of-bounds read in dns.c:dns_validate_dns_response() allows for memory disclosure
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
An out-of-bounds read in dns_validate_dns_response in dns.c was discovered in HAProxy through 1.8.14. Due to a missing check when validating DNS responses, remote attackers might be able read the 16 bytes corresponding to an AAAA record from the non-initialized part of the buffer, possibly accessing anything that was left on the stack, or even past the end of the 8193-byte buffer, depending on the value of accepted_payload_size.
Se ha descubierto una lectura fuera de límites en dns_validate_dns_response en dns.c en HAProxy hasta la versión 1.8.14. Debido a la falta de una comprobación al validar respuestas DNS, los atacantes remotos pueden leer los 16 bits que corresponden a un registro AAAA de la parte no inicializada del búfer, pudiendo acceder a cualquier cosa que haya quedado en la pila, o incluso más allá del final del búfer de 8193 bytes, dependiendo del valor de accepted_payload_size.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2018-12-12 CVE Reserved
- 2018-12-12 CVE Published
- 2024-06-13 EPSS Updated
- 2024-08-05 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-125: Out-of-bounds Read
CAPEC
References (9)
URL | Tag | Source |
---|---|---|
http://git.haproxy.org/?p=haproxy.git%3Ba=commit%3Bh=efbbdf72992cd20458259962346044cafd9331c0 | X_refsource_misc | |
http://www.securityfocus.com/bid/106223 | Third Party Advisory | |
https://lists.debian.org/debian-lts-announce/2022/05/msg00045.html | Mailing List |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://access.redhat.com/errata/RHBA-2019:0326 | 2023-11-07 | |
https://access.redhat.com/errata/RHBA-2019:0327 | 2023-11-07 | |
https://access.redhat.com/errata/RHSA-2019:1436 | 2023-11-07 | |
https://usn.ubuntu.com/3858-1 | 2023-11-07 | |
https://access.redhat.com/security/cve/CVE-2018-20102 | 2019-06-11 | |
https://bugzilla.redhat.com/show_bug.cgi?id=1658874 | 2019-06-11 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Haproxy Search vendor "Haproxy" | Haproxy Search vendor "Haproxy" for product "Haproxy" | <= 1.8.14 Search vendor "Haproxy" for product "Haproxy" and version " <= 1.8.14" | - |
Affected
| ||||||
Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 16.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "16.04" | lts |
Affected
| ||||||
Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 18.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "18.04" | lts |
Affected
| ||||||
Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 18.10 Search vendor "Canonical" for product "Ubuntu Linux" and version "18.10" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Openshift Container Platform Search vendor "Redhat" for product "Openshift Container Platform" | 3.11 Search vendor "Redhat" for product "Openshift Container Platform" and version "3.11" | - |
Affected
|