A flaw was discovered in the HPACK decoder of HAProxy, before 1.8.14, that is used for HTTP/2. An out-of-bounds read access in hpack_valid_idx() resulted in a remote crash and denial of service.
2018-09-21T13:29:00.453
2024-11-21T03:49:29.800
Modified
CVSSv3.0: 7.5 (HIGH)
AV:N/AC:L/Au:N/C:N/I:N/A:P
10.0
2.9
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | haproxy | haproxy | ≤ 1.8.14 | Yes |
| Operating System | canonical | ubuntu_linux | 18.04 | Yes |
| Application | redhat | openshift | 3.10 | Yes |
| Application | redhat | openshift_container_platform | 3.9 | Yes |
| Operating System | redhat | enterprise_linux | 7.0 | Yes |
| Operating System | redhat | enterprise_linux | 7.3 | Yes |
| Operating System | redhat | enterprise_linux | 7.4 | Yes |
| Operating System | redhat | enterprise_linux | 7.5 | Yes |
| Operating System | redhat | enterprise_linux | 7.6 | Yes |