Candidate: CVE-2019-14241
PublicDate: 2019-07-23 13:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14241
 https://github.com/haproxy/haproxy/issues/181
Description:
 HAProxy through 2.0.2 allows attackers to cause a denial of service
 (ha_panic) via vectors related to htx_manage_client_side_cookies in
 proto_htx.c.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to: mdeslaur
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H [7.5 HIGH]


Patches_haproxy:
 upstream: https://github.com/haproxy/haproxy/commit/f0f42389772b2303b162e929449a36b33e181c5f
upstream_haproxy: not-affected (debian: Vulnerable code not present)
precise/esm_haproxy: DNE
trusty_haproxy: ignored (out of standard support)
trusty/esm_haproxy: DNE
xenial_haproxy: not-affected (code not present)
esm-infra/xenial_haproxy: not-affected (code not present)
bionic_haproxy: not-affected (code not present)
disco_haproxy: not-affected (code not present)
devel_haproxy: released (2.0.1-1ubuntu2)