Executive Summary
Informations | |||
---|---|---|---|
Name | CVE-2018-10184 | First vendor Publication | 2018-05-09 |
Vendor | Cve | Last vendor Modification | 2023-11-07 |
Security-Database Scoring CVSS v3
Cvss vector : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | |||
---|---|---|---|
Overall CVSS Score | 7.5 | ||
Base Score | 7.5 | Environmental Score | 7.5 |
impact SubScore | 3.6 | Temporal Score | 7.5 |
Exploitabality Sub Score | 3.9 | ||
Attack Vector | Network | Attack Complexity | Low |
Privileges Required | None | User Interaction | None |
Scope | Unchanged | Confidentiality Impact | None |
Integrity Impact | None | Availability Impact | High |
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:N/I:N/A:P) | |||
---|---|---|---|
Cvss Base Score | 5 | Attack Range | Network |
Cvss Impact Score | 2.9 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
An issue was discovered in HAProxy before 1.8.8. The incoming H2 frame length was checked against the max_frame_size setting instead of being checked against the bufsize. The max_frame_size only applies to outgoing traffic and not to incoming, so if a large enough frame size is advertised in the SETTINGS frame, a wrapped frame will be defragmented into a temporary allocated buffer where the second fragment may overflow the heap by up to 16 kB. It is very unlikely that this can be exploited for code execution given that buffers are very short lived and their addresses not realistically predictable in production, but the likelihood of an immediate crash is absolutely certain. |
Original Source
Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10184 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
CPE : Common Platform Enumeration
Snort® IPS/IDS
Date | Description |
---|---|
2019-11-03 | HAProxy H2 Frame heap memory corruption attempt RuleID : 51725 - Revision : 1 - Type : SERVER-WEBAPP |
Sources (Detail)
Alert History
Date | Informations |
---|---|
2023-11-07 21:41:47 |
|
2021-05-04 13:06:49 |
|
2021-04-22 02:20:29 |
|
2020-05-23 02:10:00 |
|
2020-05-23 01:05:40 |
|
2019-06-27 12:09:31 |
|
2018-06-29 12:05:26 |
|
2018-06-18 21:19:43 |
|
2018-05-17 09:19:38 |
|
2018-05-09 17:19:27 |
|