1990 matches found
Remote Code Execution (RCE)
HAProxy is vulnerable to remote code execution (RCE) attacks. The vulnerability exists through a buffer overflow issue in HAProxy 1.4 through 1.4.22 and 1.5-dev through 1.5-dev17, when HTTP keep-alive is enabled, using HTTP keywords in TCP inspection rules, and running with rewrite rules that appen...
openSUSE Security Update : haproxy (openSUSE-2019-44)
This update for haproxy to version 1.8.15 fixes the following issues: Security issues fixed: - CVE-2018-20102: Fixed an out-of-bounds read in dns_validate_dns_response, which allowed for memory disclosure (bsc#1119368) - CVE-2018-20103: Fixed an infinite recursion via crafted packet allows stack...
openSUSE: Security Advisory for haproxy (openSUSE-SU-2019:0044-1)
The remote host is missing an update for the...
Fedora Update for haproxy FEDORA-2018-2abadd4469
The remote host is missing an update for the...
Security update for haproxy (important)
openSUSE Security Update: Security update for haproxy Announcement ID: openSUSE-SU-2019:0044-1 Rating: important References: 1119368 1119419 Cross-References: CVE-2018-20102 CVE-2018-20103 Affected Products: openSUSE Leap 15.0 An update that fixes two vulnerabilities is now available. Description...
[SECURITY] Fedora 29 Update: haproxy-1.8.15-1.fc29
HAProxy is a TCP/HTTP reverse proxy which is particularly suited for high availability environments. Indeed, it can: - route HTTP requests depending on statically assigned cookies - spread load among several servers while assuring server persistence through the use of HTTP cookies - switch to...
SUSE-SU-2019:0061-1 Security update for haproxy
This update for haproxy to version 1.8.15 fixes the following issues: Security issues fixed: - CVE-2018-20102: Fixed an out-of-bounds read in dns_validate_dns_response, which allowed for memory disclosure (bsc#1119368) - CVE-2018-20103: Fixed an infinite recursion via crafted packet allows stack...
haproxy: Out-of-bounds read in HPACK decoder
A flaw was discovered in the HPACK decoder of haproxy, before 1.8.14, that is used for HTTP/2. An out-of-bounds read access in hpack_valid_idx resulted in a remote crash and denial of service...
CVE-2018-20615
A flaw was found in HAProxy, versions before 1.8.17 and 1.9.1. Mishandling occurs when a priority flag is set on too short HEADERS frame in the HTTP/2 decoder, allowing an out-of-bounds read and a subsequent crash to occur. A remote attacker can exploit this flaw to cause a denial of service. Tho...
Fedora 29 : haproxy (2018-0b038c7047)
Update to 1.8.14, which includes fix for CVE-2018-14645. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional...
Fedora 28 : haproxy (2018-3564527be4)
Update to 1.8.8
Fedora 28 : haproxy (2018-381ab64b59)
Update to 1.8.14, which includes fix for CVE-2018-14645.
Fedora 28 : haproxy (2018-941d094624)
Update to 1.8.12
UBUNTU-CVE-2018-20615
An out-of-bounds read issue was discovered in the HTTP/2 protocol decoder in HAProxy 1.8.x and 1.9.x through 1.9.0 which can result in a crash. The processing of the PRIORITY flag in a HEADERS frame requires 5 extra bytes, and while these bytes are skipped, the total frame length was not re-check...
CVE-2018-20615
An out-of-bounds read issue was discovered in the HTTP/2 protocol decoder in HAProxy 1.8.x and 1.9.x through 1.9.0 which can result in a crash. The processing of the PRIORITY flag in a HEADERS frame requires 5 extra bytes, and while these bytes are skipped, the total frame length was not re-check...
Important Photon OS Security Update - PHSA-2018-0198
Updates of 'haproxy', 'linux', 'linux-esx', 'libtirpc' packages of Photon OS have been released...
CVE-2018-20103
An issue was discovered in dns.c in HAProxy through 1.8.14. In the case of a compressed pointer, a crafted packet can trigger infinite recursion by making the pointer point to itself, or create a long chain of valid pointers resulting in stack exhaustion...
Design/Logic Flaw
An out-of-bounds read in dns_validate_dns_response in dns.c was discovered in HAProxy through 1.8.14. Due to a missing check when validating DNS responses, remote attackers might be able to read the 16 bytes corresponding to an AAAA record from the non-initialized part of the buffer, possibly accessing...
CVE-2018-20102
An out-of-bounds read in dns_validate_dns_response in dns.c was discovered in HAProxy through 1.8.14. Due to a missing check when validating DNS responses, remote attackers might be able to read the 16 bytes corresponding to an AAAA record from the non-initialized part of the buffer, possibly accessing...
DEBIAN-CVE-2018-20102
An out-of-bounds read in dns_validate_dns_response in dns.c was discovered in HAProxy through 1.8.14. Due to a missing check when validating DNS responses, remote attackers might be able to read the 16 bytes corresponding to an AAAA record from the non-initialized part of the buffer, possibly accessing...