HAProxy 1.8.x before version 1.8.8 is vulnerable to a heap-based buffer overflow in the mux_h2.c:h2_process_demux() function. A remote attacker could exploit this to overflow the heap by 16kb to cause a denial of service or other potential unspecified impact.
Created attachment 1423836: Upstream patch
This is now public, upstream reference: https://www.haproxy.org/download/1.8/src/CHANGELOG
This flaw is present in HTTP/2 functionality, which does not exist in haproxy-1.5 as distributed in Red Hat Enterprise Linux 7 and Red Hat Enterprise Linux 6.
Upstream commit: http://git.haproxy.org/?p=haproxy.git;a=commitdiff;h=3f0e1ec70173593f4c2b3681b26c04a4ed5fc588
Rejecting CVE-2018-1119 in favour of CVE-2018-10184 that Mitre assigned.
This issue has been addressed in the following products:

  Red Hat Software Collections for Red Hat Enterprise Linux 7
  Red Hat Software Collections for Red Hat Enterprise Linux 7.3 EUS
  Red Hat Software Collections for Red Hat Enterprise Linux 7.4 EUS
  Red Hat Software Collections for Red Hat Enterprise Linux 7.5 EUS

Via RHSA-2018:1372 https://access.redhat.com/errata/RHSA-2018:1372