5 matches found
HAProxy HTTP2 Frame Size Heap Buffer Overflow (CVE-2018-10184)
A heap-based buffer overflow vulnerability exists in HAProxy. The vulnerability is due to incorrect validation of frame length on incoming HTTP/2 frames. A remote, unauthenticated attacker could exploit this vulnerability by sending a malicious request to the target server...
Security Bulletin: A security vulnerability has been identified in HAProxy shipped with Data Science Experience Local
Summary HAProxy is shipped as a component of Data Science Experience Local. Information about a security vulnerability affecting HAProxy has been published in a security bulletin. Vulnerability Details Please consult the security bulletins: CVE-2018-10184, CVE-2018-11469 for vulnerability details...
Important: Red Hat Security Advisory: rh-haproxy18-haproxy security update
An update for rh-haproxy18-haproxy is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
CVE-2018-10184
An issue was discovered in HAProxy before 1.8.8. The incoming H2 frame length was checked against the maxframesize setting instead of being checked against the bufsize. The maxframesize only applies to outgoing traffic and not to incoming, so if a large enough frame size is advertised in the...
CVE-2018-10184
HAProxy before 1.8.8 is affected by CVE-2018-10184. The vulnerability arises from validating incoming HTTP/2 frame length against max_frame_size (outgoing scope) rather than against bufsize; if a large frame is advertised, a wrapped frame can be defragmented into a temporary buffer, potentially a...