AVG-836

Package haproxy
Status Fixed
Severity Medium
Type denial of service
Affected 1.8.14-1
Fixed 1.9.0-1
Current 1.9.8-1 [community]
Ticket None
Created Tue Dec 18 13:09:24 2018
Issue Severity Remote Type Description
CVE-2018-20103 Medium Yes Denial of service
A stack-exhaustion issue has been found in HAProxy before 1.8.15, in the dns_read_name() function in dns.c, where an infinite recursion can be triggered via...
CVE-2018-20102 Low Yes Denial of service
A stack-based out-of-bounds read has been found in HAProxy before 1.8.15, in the dns_validate_dns_response() function in dns.c, where it can be triggered by...
Date Advisory Package Description
24 Jan 2019 ASA-201901-15 haproxy denial of service
References
https://www.mail-archive.com/haproxy@formilux.org/msg32055.html