1658876 – (CVE-2018-20103) CVE-2018-20103 haproxy: Infinite recursion via crafted packet allows stack exhaustion and denial of service

Bug 1658876 (CVE-2018-20103) - CVE-2018-20103 haproxy: Infinite recursion via crafted packet allows stack exhaustion and denial of service

Summary: CVE-2018-20103 haproxy: Infinite recursion via crafted packet allows stack ex...

Keywords:
Status:	CLOSED ERRATA
Alias:	CVE-2018-20103
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	high
Severity:	high
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	1658881 1659018 1659019 1660100 1660101 1660102 1660103
Blocks:	1658879
TreeView+	depends on / blocked

Reported:	2018-12-13 05:04 UTC by Sam Fowler
Modified:	2021-02-16 22:39 UTC (History)
CC List:	20 users (show)
Fixed In Version:	haproxy 1.8.15
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2019-07-12 13:06:25 UTC
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2019:1436	0	None	None	None	2019-06-11 12:01:33 UTC

Description Sam Fowler 2018-12-13 05:04:27 UTC

An issue was discovered in dns.c in HAProxy through 1.8.14. In the case of a compressed pointer, a crafted packet can trigger infinite recursion by making the pointer point to itself, or create a long chain of valid pointers resulting in stack exhaustion.


Upstream Patch:

http://git.haproxy.org/?p=haproxy.git;a=commit;h=58df5aea

Comment 1 Sam Fowler 2018-12-13 05:14:54 UTC

Created haproxy tracking bugs for this issue:

Affects: fedora-all [bug 1658881]

Comment 2 Sam Fowler 2018-12-13 05:34:24 UTC

External Reference:

https://www.mail-archive.com/haproxy@formilux.org/msg32055.html

Comment 3 Stefan Cornelius 2018-12-13 11:00:44 UTC

Statement:

This issue did not affect the versions of haproxy as shipped with Red Hat Enterprise Linux 6 and 7.

Comment 6 errata-xmlrpc 2019-06-11 12:01:31 UTC

This issue has been addressed in the following products:

  Red Hat Software Collections for Red Hat Enterprise Linux 7
  Red Hat Software Collections for Red Hat Enterprise Linux 7.4 EUS
  Red Hat Software Collections for Red Hat Enterprise Linux 7.5 EUS
  Red Hat Software Collections for Red Hat Enterprise Linux 7.6 EUS

Via RHSA-2019:1436 https://access.redhat.com/errata/RHSA-2019:1436

Comment 7 Product Security DevOps Team 2019-07-12 13:06:25 UTC

This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2018-20103

Note You need to log in before you can comment on or make changes to this bug.

abhgupta
ahardin
bleanhar
bperkins
carl
ccoleman
dbaker
dedgar
eparis
hhorak
jeremy
jgoulding
jokerman
jorton
mchappel
pasik
rohara
sfowler
sthangav
trankin