PT-2018-3534 · Haproxy+3 · Haproxy+3

Publicado

2018-12-12

·

Atualizado

2024-06-15

·

CVE-2018-20103

CVSS v3.1

7.5

Alta

VetorAV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: HAProxy versions prior to 1.8.15
Description: The issue is related to a crafted packet that can trigger infinite recursion or create a long chain of valid pointers, resulting in stack exhaustion. This can be exploited by a remote attacker to cause a denial of service.
Recommendations: For HAProxy versions prior to 1.8.15, update to version 1.8.15 or later to resolve the issue. At the moment, there is no other information about additional mitigation measures for this vulnerability.

Correção

Infinite Loop

Resource Exhaustion

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-835CWE-400

Identificadores relacionados

ALT-PU-2019-1002
BDU:2020-03308
CVE-2018-20103
DLA-3034-1
OPENSUSE-SU-2019:0044-1
OPENSUSE-SU-2019_0044-1
OPENSUSE-SU-2024:10839-1
RHSA-2019:1436
SUSE-SU-2019:0061-1
USN-3858-1

Produtos afetados

Alt Linux
Haproxy
Suse
Ubuntu