Vulnerabilities > CVE-2019-14241 - Infinite Loop vulnerability in Haproxy
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
HIGH Summary
HAProxy through 2.0.2 allows attackers to cause a denial of service (ha_panic) via vectors related to htx_manage_client_side_cookies in proto_htx.c.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Nessus
NASL family SuSE Local Security Checks NASL id OPENSUSE-2019-2556.NASL description This update for haproxy to version 2.0.5+git0.d905f49a fixes the following issues : Security issue fixed : - CVE-2019-14241: Fixed a cookie memory corruption problem. (bsc#1142529) The update to 2.0.5 brings lots of features and bugfixes : - new internal native HTTP representation called HTX, was already in 1.9 and is now enabled by default in 2.0 - end-to-end HTTP/2 support including trailers and continuation frames, as needed for gRPC ; HTTP/2 may also be upgraded from HTTP/1.1 using the H2 preface; - server connection pooling and more advanced reuse, with ALPN protocol negotiation (already in 1.9) - layer 7 retries, allowing to use 0-RTT and TCP Fast Open to the servers as well as on the frontend - much more scalable multi-threading, which is even enabled by default on platforms where it was successfully tested ; by default, as many threads are started as the number of CPUs haproxy is allowed to run on. This removes a lot of configuration burden in VMs and containers - automatic maxconn setting for the process and the frontends, directly based on the number of available FDs (easier configuration in containers and with systemd) - logging to stdout for use in containers and systemd (already in 1.9). Logs can now provide micro-second resolution for some events - peers now support SSL, declaration of multiple stick-tables directly in the peers section, and synchronization of server names, not just IDs - In master-worker mode, the master process now exposes its own CLI and can communicate with all other processes (including the stopping ones), even allowing to connect to their CLI and check their state. It is also possible to start some sidecar programs and monitor them from the master, and the master can automatically kill old processes that survived too many reloads - the incoming connections are load-balanced between all threads depending on their load to minimize the processing time and maximize the capacity (already in 1.9) - the SPOE connection load-balancing was significantly improved in order to reduce high percentiles of SPOA response time (already in 1.9) - the last seen 2020-06-01 modified 2020-06-02 plugin id 131281 published 2019-11-25 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/131281 title openSUSE Security Update : haproxy (openSUSE-2019-2556) NASL family PhotonOS Local Security Checks NASL id PHOTONOS_PHSA-2019-1_0-0249_HAPROXY.NASL description An update of the haproxy package has been released. last seen 2020-06-01 modified 2020-06-02 plugin id 128726 published 2019-09-12 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/128726 title Photon OS 1.0: Haproxy PHSA-2019-1.0-0249 NASL family SuSE Local Security Checks NASL id OPENSUSE-2019-2555.NASL description This update for haproxy to version 2.0.5+git0.d905f49a fixes the following issues : Security issue fixed : - CVE-2019-14241: Fixed a cookie memory corruption problem. (bsc#1142529) The update to 2.0.5 brings lots of features and bugfixes : - new internal native HTTP representation called HTX, was already in 1.9 and is now enabled by default in 2.0 - end-to-end HTTP/2 support including trailers and continuation frames, as needed for gRPC ; HTTP/2 may also be upgraded from HTTP/1.1 using the H2 preface; - server connection pooling and more advanced reuse, with ALPN protocol negotiation (already in 1.9) - layer 7 retries, allowing to use 0-RTT and TCP Fast Open to the servers as well as on the frontend - much more scalable multi-threading, which is even enabled by default on platforms where it was successfully tested ; by default, as many threads are started as the number of CPUs haproxy is allowed to run on. This removes a lot of configuration burden in VMs and containers - automatic maxconn setting for the process and the frontends, directly based on the number of available FDs (easier configuration in containers and with systemd) - logging to stdout for use in containers and systemd (already in 1.9). Logs can now provide micro-second resolution for some events - peers now support SSL, declaration of multiple stick-tables directly in the peers section, and synchronization of server names, not just IDs - In master-worker mode, the master process now exposes its own CLI and can communicate with all other processes (including the stopping ones), even allowing to connect to their CLI and check their state. It is also possible to start some sidecar programs and monitor them from the master, and the master can automatically kill old processes that survived too many reloads - the incoming connections are load-balanced between all threads depending on their load to minimize the processing time and maximize the capacity (already in 1.9) - the SPOE connection load-balancing was significantly improved in order to reduce high percentiles of SPOA response time (already in 1.9) - the last seen 2020-06-01 modified 2020-06-02 plugin id 131280 published 2019-11-25 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/131280 title openSUSE Security Update : haproxy (openSUSE-2019-2555) NASL family PhotonOS Local Security Checks NASL id PHOTONOS_PHSA-2019-3_0-0026_HAPROXY.NASL description An update of the haproxy package has been released. last seen 2020-06-01 modified 2020-06-02 plugin id 128731 published 2019-09-12 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/128731 title Photon OS 3.0: Haproxy PHSA-2019-3.0-0026
References
- http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00060.html
- http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00060.html
- http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00062.html
- http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00062.html
- http://www.securityfocus.com/bid/109352
- http://www.securityfocus.com/bid/109352
- https://github.com/haproxy/haproxy/issues/181
- https://github.com/haproxy/haproxy/issues/181