An out-of-bounds read in dns_validate_dns_response in dns.c was discovered in HAProxy through 1.8.14. Due to a missing check when validating DNS responses, remote attackers might be able read the 16 bytes corresponding to an AAAA record from the non-initialized part of the buffer, possibly accessing anything that was left on the stack, or even past the end of the 8193-byte buffer, depending on the value of accepted_payload_size.
References
Link | Resource |
---|---|
http://git.haproxy.org/?p=haproxy.git%3Ba=commit%3Bh=efbbdf72992cd20458259962346044cafd9331c0 | |
http://www.securityfocus.com/bid/106223 | Third Party Advisory VDB Entry |
https://access.redhat.com/errata/RHBA-2019:0326 | Third Party Advisory |
https://access.redhat.com/errata/RHBA-2019:0327 | Third Party Advisory |
https://access.redhat.com/errata/RHSA-2019:1436 | |
https://lists.debian.org/debian-lts-announce/2022/05/msg00045.html | |
https://usn.ubuntu.com/3858-1/ | Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2018-12-12T17:00:00
Updated: 2022-05-30T18:06:14
Reserved: 2018-12-12T00:00:00
Link: CVE-2018-20102
JSON object: View
NVD Information
Status : Modified
Published: 2018-12-12T17:29:00.247
Modified: 2023-11-07T02:56:11.660
Link: CVE-2018-20102
JSON object: View
Redhat Information
No data.
CWE