High severity7.5NVD Advisory· Published Sep 21, 2018· Updated Jun 17, 2026
CVE-2018-14645
CVE-2018-14645
Description
A flaw was discovered in the HPACK decoder of HAProxy, before 1.8.14, that is used for HTTP/2. An out-of-bounds read access in hpack_valid_idx() resulted in a remote crash and denial of service.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- osv-coords2 versionspkg:rpm/opensuse/haproxy&distro=openSUSE%20Tumbleweedpkg:rpm/suse/haproxy&distro=SUSE%20Linux%20Enterprise%20High%20Availability%20Extension%2015
< 2.4.4+git0.acb1d0bea-1.2+ 1 more
- (no CPE)range: < 2.4.4+git0.acb1d0bea-1.2
- (no CPE)range: < 1.8.14~git0.52e4d43b-3.3.2
Patches
Vulnerability mechanics
References
5- access.redhat.com/errata/RHSA-2018:2882nvdThird Party Advisory
- bugzilla.redhat.com/show_bug.cginvdIssue TrackingMitigationThird Party Advisory
- usn.ubuntu.com/3780-1/nvdThird Party Advisory
- access.redhat.com/errata/RHBA-2019:0028nvd
- www.mail-archive.com/haproxy%40formilux.org/msg31253.htmlnvd
News mentions
0No linked articles in our index yet.