CVE-2018-20102

Published: 12 December 2018

An out-of-bounds read in dns_validate_dns_response in dns.c was discovered in HAProxy through 1.8.14. Due to a missing check when validating DNS responses, remote attackers might be able read the 16 bytes corresponding to an AAAA record from the non-initialized part of the buffer, possibly accessing anything that was left on the stack, or even past the end of the 8193-byte buffer, depending on the value of accepted_payload_size.

Priority

CVSS 3 base score: 7.5

Status

Package	Release	Status
haproxy Launchpad, Ubuntu, Debian	bionic	Released (1.8.8-1ubuntu0.3)
	cosmic	Released (1.8.13-2ubuntu0.1)
	precise	Does not exist
	trusty	Does not exist (trusty was not-affected [code not present])
	upstream	Released (1.8.15-1)
	xenial	Released (1.6.3-1ubuntu0.2)
	Patches: upstream: http://git.haproxy.org/?p=haproxy.git;a=commit;h=efbbdf72992cd20458259962346044cafd9331c0

References

Bugs

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=916308

Join the discussion

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›