PT-2018-3534 · Haproxy+3 · Haproxy+3

Published

2018-12-12

·

Updated

2024-06-15

·

CVE-2018-20103

CVSS v3.1

7.5

High

VectorAV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: HAProxy versions prior to 1.8.15
Description: The issue is related to a crafted packet that can trigger infinite recursion or create a long chain of valid pointers, resulting in stack exhaustion. This can be exploited by a remote attacker to cause a denial of service.
Recommendations: For HAProxy versions prior to 1.8.15, update to version 1.8.15 or later to resolve the issue. At the moment, there is no other information about additional mitigation measures for this vulnerability.

Fix

Infinite Loop

Resource Exhaustion

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-835CWE-400

Related Identifiers

ALT-PU-2019-1002
BDU:2020-03308
CVE-2018-20103
DLA-3034-1
OPENSUSE-SU-2019:0044-1
OPENSUSE-SU-2019_0044-1
OPENSUSE-SU-2024:10839-1
RHSA-2019:1436
SUSE-SU-2019:0061-1
USN-3858-1

Affected Products

Alt Linux
Haproxy
Suse
Ubuntu