Bug 1733583 (CVE-2019-14241) - CVE-2019-14241 haproxy: DoS via vectors realted to htx_manage_client_side_cookies in proto_htx.c
Summary: CVE-2019-14241 haproxy: DoS via vectors realted to htx_manage_client_side_coo...
Keywords:
Status: CLOSED NOTABUG
Alias: CVE-2019-14241
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
high
high
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1733584
Blocks: 1733585
TreeView+ depends on / blocked
 
Reported: 2019-07-26 15:59 UTC by Laura Pardo
Modified: 2019-09-29 15:18 UTC (History)
23 users (show)

Fixed In Version: haproxy 1.9.9, haproxy 2.0.3
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2019-08-23 01:07:16 UTC


Attachments (Terms of Use)

Description Laura Pardo 2019-07-26 15:59:46 UTC
A vulnerability was found in HAProxy through 2.0.2. This allows attackers to cause a denial of service (ha_panic) via vectors related to htx_manage_client_side_cookies in proto_htx.c.


References:
https://github.com/haproxy/haproxy/issues/181

Comment 1 Laura Pardo 2019-07-26 16:00:31 UTC
Created haproxy tracking bugs for this issue:

Affects: fedora-all [bug 1733584]

Comment 4 Summer Long 2019-07-29 05:21:30 UTC
Statement:

This flaw only affects haproxy v1.9.0-1.9.8 and  v2.0.0-2.0.2.  Red Hat Enterprise Linux, Red Hat Software Collections and Red Hat OpenStack Platform do not package these versions and are therefore not vulnerable to this flaw.

Comment 5 Product Security DevOps Team 2019-08-23 01:07:16 UTC
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2019-14241


Note You need to log in before you can comment on or make changes to this bug.