CVE-2018-20615

Priority
Description
An out-of-bounds read issue was discovered in the HTTP/2 protocol decoder
in HAProxy 1.8.x and 1.9.x through 1.9.0 which can result in a crash. The
processing of the PRIORITY flag in a HEADERS frame requires 5 extra bytes,
and while these bytes are skipped, the total frame length was not
re-checked to make sure they were present in the frame.
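The length re-check the description refers to, as an added C sketch (not HAProxy's code; the function name and flag macros are assumptions, with the HEADERS payload layout taken from RFC 7540 section 6.2):

```c
#include <stddef.h>
#include <stdint.h>

#define H2_F_PADDED   0x08  /* HEADERS flag: 1-byte Pad Length is present */
#define H2_F_PRIORITY 0x20  /* HEADERS flag: 5 priority bytes are present */

/* Locate the header block fragment inside a HEADERS frame payload of
 * flen bytes. Returns 0 and sets *off / *len on success, or -1 when the
 * frame is too short for the fields its flags announce. */
int h2_headers_fragment(const uint8_t *payload, size_t flen, uint8_t flags,
                        size_t *off, size_t *len)
{
    size_t pos = 0, pad = 0;

    if (flags & H2_F_PADDED) {
        if (flen < 1)
            return -1;
        pad = payload[pos++];
        flen--;
        if (pad > flen)          /* padding exceeds what is left */
            return -1;
        flen -= pad;
    }
    if (flags & H2_F_PRIORITY) {
        /* Re-check before skipping: the 4-byte stream dependency and
         * 1-byte weight must actually be in the frame. In this sketch,
         * subtracting 5 without the check would wrap the unsigned
         * length and let later code read past the buffer. */
        if (flen < 5)
            return -1;
        pos += 5;
        flen -= 5;
    }
    *off = pos;
    *len = flen;
    return 0;
}
```
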
Assigned-to
leosilva
Notes
Package
Upstream: released (1.8.16-2)
Ubuntu 12.04 ESM (Precise Pangolin): DNE
Ubuntu 14.04 ESM (Trusty Tahr): DNE (trusty was not-affected [code not present])
Ubuntu 16.04 LTS (Xenial Xerus): not-affected (code not present)
Ubuntu 18.04 LTS (Bionic Beaver): released (1.8.8-1ubuntu0.3)
Patches:
Upstream: https://github.com/haproxy/haproxy/commit/a01f45e3ced23c799f6e78b5efdbd32198a75354
More Information

Updated: 2020-07-28 20:04:52 UTC (commit d26b6ca9f5b3adb89bb036ce73ae7dab894935ec)