#VU16547 Infinite loop in HAProxy - CVE-2018-20103

Cybersecurity Help s.r.o.

Published: 2018-12-14 | Updated: 2018-12-14

Vulnerability identifier: #VU16547

Vulnerability risk: Low

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2018-20103

CWE-ID: CWE-835

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
HAProxy
Server applications / IDS/IPS systems, Firewalls and proxy servers

Vendor: HAProxy

Description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The vulnerability exists in the dns_read_name() function, as defined in the src/dns.c source code file due to an error when processing malicious input. A remote attacker can send a specially crafted packet that submits malicious input, make a compressed pointer point to itself trigger an infinite loop and cause the affected software to crash.

Mitigation
Update to version 1.18.15.

Vulnerable software versions

HAProxy: 1.0.0 - 1.0.2, 1.1.0 - 1.1.34, 1.2.0 - 1.2.18, 1.3.0 - 1.3.28.14, 1.4.0 - 1.4.27, 1.5.0 - 1.5.19, 1.6.0 - 1.6.14, 1.7.0 - 1.7.10, 1.8.0 - 1.8.14

External links
https://www.haproxy.org/download/1.8/src/CHANGELOG

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Red Hat Software Collections update for rh-haproxy18-haproxy

Arch Linux update for haproxy

Ubuntu update for HAProxy

OpenSUSE Linux update for haproxy

Multiple vulnerabilities in HAProxy