haproxy haproxy CVE-2018-20615 vulnerability in HAProxy and Other Products
Published on March 21, 2019

product logo product logo product logo product logo
An out-of-bounds read issue was discovered in the HTTP/2 protocol decoder in HAProxy 1.8.x and 1.9.x through 1.9.0 which can result in a crash. The processing of the PRIORITY flag in a HEADERS frame requires 5 extra bytes, and while these bytes are skipped, the total frame length was not re-checked to make sure they were present in the frame.

Vendor Advisory Vendor Advisory Vendor Advisory NVD


Products Associated with CVE-2018-20615

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2018-20615 are published in these products:

HAProxy
 
Red Hat Openshift Container Platform
 
Canonical Ubuntu Linux
 
OpenSuse Leap
 
Red Hat Enterprise Linux (RHEL)
 

Exploit Probability

EPSS
0.17%
Percentile
37.65%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.