5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
0.003 Low
EPSS
Percentile
65.7%
A flaw was discovered in the HPACK decoder of HAProxy, before 1.8.14, that
is used for HTTP/2. An out-of-bounds read access in hpack_valid_idx()
resulted in a remote crash and denial of service.
Author | Note |
---|---|
leosilva | only affected 1.8.x. |
bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14645
git.haproxy.org/?p=haproxy-1.8.git;a=commit;h=b4e05a3daa30f657db01ec144a0e48850c48f813
launchpad.net/bugs/cve/CVE-2018-14645
nvd.nist.gov/vuln/detail/CVE-2018-14645
security-tracker.debian.org/tracker/CVE-2018-14645
ubuntu.com/security/notices/USN-3780-1
www.cve.org/CVERecord?id=CVE-2018-14645
www.mail-archive.com/[email protected]/msg31253.html
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
0.003 Low
EPSS
Percentile
65.7%