haproxy - Arch Linux
Resolved
| Group | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|
| AVG-1124 | 2.1.3-1 | 2.1.4-1 | Critical | Fixed | |
| AVG-836 | 1.8.14-1 | 1.9.0-1 | Medium | Fixed |
| Issue | Group | Severity | Remote | Type | Description |
|---|---|---|---|---|---|
| CVE-2020-11100 | AVG-1124 | Critical | Yes | Arbitrary code execution | An out-of-bounds memory write has been found in HAProxy before 2.1.4, in the HPACK table management code. |
| CVE-2018-20103 | AVG-836 | Medium | Yes | Denial of service | A stack-exhaustion issue has been found in HAProxy before 1.8.15, in the dns_read_name() function in dns.c, where an infinite recursion can be triggered via... |
| CVE-2018-20102 | AVG-836 | Low | Yes | Denial of service | A stack-based out-of-bounds read has been found in HAProxy before 1.8.15, in the dns_validate_dns_response() function in dns.c, where it can be triggered by... |
Advisories
| Date | Advisory | Group | Severity | Description |
|---|---|---|---|---|
| 08 Apr 2020 | ASA-202004-7 | AVG-1124 | Critical | arbitrary code execution |
| 24 Jan 2019 | ASA-201901-15 | AVG-836 | Medium | denial of service |