CVE-2018-20615

haproxy: Mishandling of priority flag in short HEADERS frame by HTTP/2 decoder allows for crash

Severity Score: 7.5 (CVSS v3)

Public Exploits: 0 (multiple sources)

Exploited in Wild: - (KEV)

Decision: - (SSVC)

Descriptions

An out-of-bounds read issue was discovered in the HTTP/2 protocol decoder in HAProxy 1.8.x and 1.9.x through 1.9.0 which can result in a crash. The processing of the PRIORITY flag in a HEADERS frame requires 5 extra bytes, and while these bytes are skipped, the total frame length was not re-checked to make sure they were present in the frame.

A flaw was found in HAProxy, versions before 1.8.17 and 1.9.1. Mishandling occurs when a priority flag is set on too short HEADERS frame in the HTTP/2 decoder, allowing an out-of-bounds read and a subsequent crash to occur. A remote attacker can exploit this flaw to cause a denial of service. Those who do not use HTTP/2 are unaffected.

Credits: N/A
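The missing length check described above, as an added C example that is not HAProxy's code: a HEADERS frame validator that re-checks the remaining payload before skipping the optional padding and the 5-byte priority block, exercised against two constructed frames (one well-formed, one whose payload is shorter than the priority block the PRIORITY flag announces).

```c
#include <stddef.h>
#include <stdint.h>
/* HTTP/2 frame constants from RFC 7540 (frame type and HEADERS flag bits). */
#define H2_FT_HEADERS         0x01
#define H2_F_HEADERS_PADDED   0x08
#define H2_F_HEADERS_PRIORITY 0x20
#define H2_FRAME_HDR_LEN      9

/* Parsed view of a HEADERS frame: where the header block fragment starts. */
struct h2_headers {
    uint8_t flags; uint32_t stream_id;
    const uint8_t *hdr_block;  /* header block fragment, padding/priority removed */
    size_t hdr_block_len;
};

/* Validate one HEADERS frame (9-byte header + payload) in buf[0..len).
 * Returns 0 on success, -1 if malformed. The remaining payload length is
 * re-checked before each optional field is skipped; the vulnerable decoder
 * omitted that check for the 5-byte priority block. */
int h2_parse_headers(const uint8_t *buf, size_t len, struct h2_headers *out)
{
    if (len < H2_FRAME_HDR_LEN) return -1;
    size_t plen = ((size_t)buf[0] << 16) | ((size_t)buf[1] << 8) | buf[2];
    uint8_t type = buf[3], flags = buf[4];
    uint32_t sid = ((uint32_t)(buf[5] & 0x7f) << 24) | ((uint32_t)buf[6] << 16)
                 | ((uint32_t)buf[7] << 8) | buf[8];
    if (type != H2_FT_HEADERS || sid == 0 || len - H2_FRAME_HDR_LEN < plen)
        return -1;                     /* whole payload must be present */
    const uint8_t *p = buf + H2_FRAME_HDR_LEN;
    size_t rem = plen, padlen = 0;
    if (flags & H2_F_HEADERS_PADDED) {
        if (rem < 1) return -1;        /* Pad Length byte must exist */
        padlen = *p++; rem--;
        if (padlen > rem) return -1;   /* padding may not exceed the payload */
        rem -= padlen;                 /* trailing padding is not block data */
    }
    if (flags & H2_F_HEADERS_PRIORITY) {
        if (rem < 5) return -1;        /* E + 31-bit dependency + 8-bit weight */
        p += 5; rem -= 5;
    }
    out->flags = flags; out->stream_id = sid;
    out->hdr_block = p; out->hdr_block_len = rem;
    return 0;
}

/* Constructed frames: a valid PRIORITY HEADERS frame (7-byte payload) and one
 * whose 2-byte payload is too short for the priority block. */
static const uint8_t k_ok[]    = {0,0,7, 0x1,0x24, 0,0,0,1, 0,0,0,0,16, 0x82,0x86};
static const uint8_t k_short[] = {0,0,2, 0x1,0x24, 0,0,0,1, 0,0};
int demo_ok(void)    { struct h2_headers h; return h2_parse_headers(k_ok, sizeof k_ok, &h) == 0 && h.hdr_block_len == 2; }
int demo_short(void) { struct h2_headers h; return h2_parse_headers(k_short, sizeof k_short, &h) == -1; }
```

The flags byte 0x24 in both constructed frames is END_HEADERS | PRIORITY; the second frame is rejected at the `rem < 5` check instead of being read past its end.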
CVSS Scores
CVSS v3 (first vector): Attack Vector: Network; Attack Complexity: Low; Privileges Required: None; User Interaction: None; Scope: Unchanged; Confidentiality: None; Integrity: None; Availability: High
CVSS v3 (second vector): Attack Vector: Network; Attack Complexity: High; Privileges Required: None; User Interaction: None; Scope: Unchanged; Confidentiality: None; Integrity: None; Availability: High
CVSS v2: Attack Vector: Network; Attack Complexity: Low; Authentication: None; Confidentiality: None; Integrity: None; Availability: Partial
* Common Vulnerability Scoring System
SSVC
  • Decision: -
  • Exploitation: -
  • Automatable: -
  • Tech. Impact: -
* Organization's Worst-case Scenario
Timeline
  • 2018-12-31 CVE Reserved
  • 2019-02-05 CVE Published
  • 2024-08-05 CVE Updated
  • 2024-11-04 EPSS Updated
  • Exploited in Wild: -
  • KEV Due Date: -
  • First Exploit: -
CWE
  • CWE-125: Out-of-bounds Read
CAPEC
Affected Vendors, Products, and Versions
Vendor    | Product                      | Version            | Other | Status
Haproxy   | Haproxy                      | >= 1.8.0 <= 1.8.19 | -     | Affected
Haproxy   | Haproxy                      | 1.9.0              | -     | Affected
Haproxy   | Haproxy                      | 1.9.0              | dev0  | Affected
Haproxy   | Haproxy                      | 1.9.0              | dev1  | Affected
Haproxy   | Haproxy                      | 1.9.0              | dev10 | Affected
Haproxy   | Haproxy                      | 1.9.0              | dev11 | Affected
Haproxy   | Haproxy                      | 1.9.0              | dev2  | Affected
Haproxy   | Haproxy                      | 1.9.0              | dev3  | Affected
Haproxy   | Haproxy                      | 1.9.0              | dev4  | Affected
Haproxy   | Haproxy                      | 1.9.0              | dev5  | Affected
Haproxy   | Haproxy                      | 1.9.0              | dev6  | Affected
Haproxy   | Haproxy                      | 1.9.0              | dev7  | Affected
Haproxy   | Haproxy                      | 1.9.0              | dev8  | Affected
Haproxy   | Haproxy                      | 1.9.0              | dev9  | Affected
Opensuse  | Leap                         | 15.0               | -     | Affected
Canonical | Ubuntu Linux                 | 16.04              | lts   | Affected
Canonical | Ubuntu Linux                 | 18.04              | lts   | Affected
Canonical | Ubuntu Linux                 | 18.10              | -     | Affected
Redhat    | Openshift Container Platform | 3.11               | -     | Affected
Redhat    | Enterprise Linux             | 7.0                | -     | Affected
Redhat    | Enterprise Linux             | 7.4                | -     | Affected
Redhat    | Enterprise Linux             | 7.5                | -     | Affected
Redhat    | Enterprise Linux             | 7.6                | -     | Affected