cvedb.io
CVE-2018-20615
HIGH · CVSS 7.5
EPSS exploitation probability: 0%
Published 2019-03-21T16:00:36.297 · Last modified 2026-06-17T01:53:11.713

Summary

An out-of-bounds read issue was discovered in the HTTP/2 protocol decoder in HAProxy 1.8.x and 1.9.x through 1.9.0 which can result in a crash. The processing of the PRIORITY flag in a HEADERS frame requires 5 extra bytes, and while these bytes are skipped, the total frame length was not re-checked to make sure they were present in the frame.

Affected products

haproxy — haproxy

Does this affect you?

Add your gear to cvedb and we'll alert you only when haproxy ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.