Lucene search
K

5 matches found

Check Point Advisories
Check Point Advisories
added 2019/02/18 12:0 a.m.4 views

HAProxy HTTP2 Frame Size Heap Buffer Overflow (CVE-2018-10184)

A heap-based buffer overflow vulnerability exists in HAProxy. The vulnerability is due to incorrect validation of frame length on incoming HTTP/2 frames. A remote, unauthenticated attacker could exploit this vulnerability by sending a malicious request to the target server...

5CVSS7.6AI score0.0843EPSS
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2018/09/18 7:15 p.m.30 views

Security Bulletin: A security vulnerability has been identified in HAProxy shipped with Data Science Experience Local

Summary HAProxy is shipped as a component of Data Science Experience Local. Information about a security vulnerability affecting HAProxy has been published in a security bulletin. Vulnerability Details Please consult the security bulletins: CVE-2018-10184, CVE-2018-11469 for vulnerability details...

7.5CVSS1.4AI score0.0843EPSS
Exploits0Affected Software1
RedHat Linux
RedHat Linux
added 2018/05/14 9:12 a.m.66 views

Important: Red Hat Security Advisory: rh-haproxy18-haproxy security update

An update for rh-haproxy18-haproxy is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

7.5CVSS7.3AI score0.0843EPSS
Exploits0References2
OSV
OSV
added 2018/05/09 7:29 a.m.7 views

CVE-2018-10184

An issue was discovered in HAProxy before 1.8.8. The incoming H2 frame length was checked against the maxframesize setting instead of being checked against the bufsize. The maxframesize only applies to outgoing traffic and not to incoming, so if a large enough frame size is advertised in the...

7.5CVSS7.8AI score
Exploits0References3
CVE
CVE
added 2018/05/09 7:0 a.m.266 views

CVE-2018-10184

HAProxy before 1.8.8 is affected by CVE-2018-10184. The vulnerability arises from validating incoming HTTP/2 frame length against max_frame_size (outgoing scope) rather than against bufsize; if a large frame is advertised, a wrapped frame can be defragmented into a temporary buffer, potentially a...

7.5CVSS7.7AI score0.0843EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder