Unrated severityNVD Advisory· Published Dec 12, 2018· Updated Aug 5, 2024
CVE-2018-20102
CVE-2018-20102
Description
An out-of-bounds read in dns_validate_dns_response in dns.c was discovered in HAProxy through 1.8.14. Due to a missing check when validating DNS responses, remote attackers might be able read the 16 bytes corresponding to an AAAA record from the non-initialized part of the buffer, possibly accessing anything that was left on the stack, or even past the end of the 8193-byte buffer, depending on the value of accepted_payload_size.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3- osv-coordsRange: < 1.8.15~git0.6b6a350a-3.6.2
Patches
Vulnerability mechanics
References
7- access.redhat.com/errata/RHBA-2019:0326mitrevendor-advisoryx_refsource_REDHAT
- access.redhat.com/errata/RHBA-2019:0327mitrevendor-advisoryx_refsource_REDHAT
- access.redhat.com/errata/RHSA-2019:1436mitrevendor-advisoryx_refsource_REDHAT
- usn.ubuntu.com/3858-1/mitrevendor-advisoryx_refsource_UBUNTU
- git.haproxy.orgmitrex_refsource_MISC
- www.securityfocus.com/bid/106223mitrevdb-entryx_refsource_BID
- lists.debian.org/debian-lts-announce/2022/05/msg00045.htmlmitremailing-listx_refsource_MLIST
News mentions
0No linked articles in our index yet.