Bug 1658876 (CVE-2018-20103) - CVE-2018-20103 haproxy: Infinite recursion via crafted packet allows stack exhaustion and denial of service
Summary: CVE-2018-20103 haproxy: Infinite recursion via crafted packet allows stack ex...
Status: CLOSED ERRATA
Alias: CVE-2018-20103
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
high
high
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard: impact=important,public=20181212,repo...
Keywords: Security
Depends On: 1658881 1659018 1659019 1660100 1660101 1660102 1660103
Blocks: 1658879
TreeView+ depends on / blocked
 
Reported: 2018-12-13 05:04 UTC by Sam Fowler
Modified: 2019-07-12 13:06 UTC (History)
20 users (show)

(edit)
Clone Of:
(edit)
Last Closed: 2019-07-12 13:06:25 UTC


Attachments (Terms of Use)


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2019:1436 None None None 2019-06-11 12:01 UTC

Description Sam Fowler 2018-12-13 05:04:27 UTC
An issue was discovered in dns.c in HAProxy through 1.8.14. In the case of a compressed pointer, a crafted packet can trigger infinite recursion by making the pointer point to itself, or create a long chain of valid pointers resulting in stack exhaustion.


Upstream Patch:

http://git.haproxy.org/?p=haproxy.git;a=commit;h=58df5aea

Comment 1 Sam Fowler 2018-12-13 05:14:54 UTC
Created haproxy tracking bugs for this issue:

Affects: fedora-all [bug 1658881]

Comment 2 Sam Fowler 2018-12-13 05:34:24 UTC
External Reference:

https://www.mail-archive.com/haproxy@formilux.org/msg32055.html

Comment 3 Stefan Cornelius 2018-12-13 11:00:44 UTC
Statement:

This issue did not affect the versions of haproxy as shipped with Red Hat Enterprise Linux 6 and 7.

Comment 6 errata-xmlrpc 2019-06-11 12:01:31 UTC
This issue has been addressed in the following products:

  Red Hat Software Collections for Red Hat Enterprise Linux 7
  Red Hat Software Collections for Red Hat Enterprise Linux 7.4 EUS
  Red Hat Software Collections for Red Hat Enterprise Linux 7.5 EUS
  Red Hat Software Collections for Red Hat Enterprise Linux 7.6 EUS

Via RHSA-2019:1436 https://access.redhat.com/errata/RHSA-2019:1436

Comment 7 Product Security DevOps Team 2019-07-12 13:06:25 UTC
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2018-20103


Note You need to log in before you can comment on or make changes to this bug.