CVE-2018-20615 (retired)

Priority
Description
An out-of-bounds read issue was discovered in the HTTP/2 protocol decoder
in HAProxy 1.8.x and 1.9.x through 1.9.0 which can result in a crash. The
processing of the PRIORITY flag in a HEADERS frame requires 5 extra bytes,
and while these bytes are skipped, the total frame length was not
re-checked to make sure they were present in the frame.
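
The length re-check the description refers to, shown in a minimal HEADERS payload parser. This is an added example, not HAProxy's code: `headers_fragment`, the macro names and the sample frame in `main` are hypothetical, while the flag values and field sizes follow RFC 7540 section 6.2.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define H2_F_HEADERS_PADDED   0x08  /* payload starts with a 1-byte Pad Length */
#define H2_F_HEADERS_PRIORITY 0x20  /* 4-byte dependency + 1-byte weight follow */

/* Locate the header block fragment inside a HEADERS frame payload of flen
 * bytes. Returns 0 and sets *off / *len on success, -1 when the frame is
 * too short for the fields its flags announce. */
int headers_fragment(const uint8_t *payload, size_t flen, uint8_t flags,
                     size_t *off, size_t *len)
{
    size_t pos = 0, padlen;

    if (flags & H2_F_HEADERS_PADDED) {
        if (flen < 1)
            return -1;
        padlen = payload[0];
        pos = 1;
        if (padlen > flen - pos)    /* padding must fit in what remains */
            return -1;
        flen -= padlen;             /* drop the trailing padding */
    }
    if (flags & H2_F_HEADERS_PRIORITY) {
        /* Re-check the length before skipping the 5 priority bytes.
         * Without this, pos can pass flen and flen - pos wraps around. */
        if (flen - pos < 5)
            return -1;
        pos += 5;
    }
    *off = pos;
    *len = flen - pos;
    return 0;
}

int main(void)
{
    /* Constructed sample: PRIORITY flag set, only 3 payload bytes present */
    uint8_t frame[3] = { 0x00, 0x00, 0x00 };
    size_t off = 0, len = 0;
    int rc = headers_fragment(frame, sizeof(frame), H2_F_HEADERS_PRIORITY,
                              &off, &len);
    printf("truncated PRIORITY frame: %s\n", rc ? "rejected" : "accepted");
    return 0;
}
```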
Assigned-to
leosilva
Package
Upstream: released (1.8.16-2)
Ubuntu 12.04 ESM (Precise Pangolin): DNE
Ubuntu 14.04 LTS (Trusty Tahr): not-affected (code not present)
Ubuntu 16.04 LTS (Xenial Xerus): not-affected (code not present)
Ubuntu 18.04 LTS (Bionic Beaver): released (1.8.8-1ubuntu0.3)
Ubuntu 18.10 (Cosmic Cuttlefish): released (1.8.13-2ubuntu0.1)
Ubuntu 19.04 (Disco Dingo): released (1.8.17-1)
Patches:
Upstream: https://github.com/haproxy/haproxy/commit/a01f45e3ced23c799f6e78b5efdbd32198a75354
More Information

Updated: 2019-03-29 02:14:58 UTC (commit 4f84fe790cebaab8768c0c369531aca9c55f7450)