suse · CVE-2018-20103

Quick triage

Priority: high Published: 2021-05-30 14:19:22 UTC Updated: 2025-08-14 02:22:22 UTC

View at Official suse advisory, NVD, CVE.org · CVE detail

Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.

Tracker summary

CVE-2018-20103 severity important: SUSE including 9 source package names (haproxy, haproxy-1.8.15~git0.6b6a350a-3.6.2, …), 20 product×package rows across 20 product lines (HPE Helion OpenStack 8, SUSE Linux Enterprise High Availability Extension 12, … (20 product lines)): Known Not Affected 12, Fixed 8.

Description:

An issue was discovered in dns.c in HAProxy through 1.8.14. In the case of a compressed pointer, a crafted packet can trigger infinite recursion by making the pointer point to itself, or create a long chain of valid pointers resulting in stack exhaustion.

cvelogic Threat Intelligence