CVE Request: haproxy read out of bounds

[Willy Tarreau <w () 1wt eu>]

Hi,

I'd like to get a CVE ID for a new vulnerability affecting HAProxy 1.5
before 1.5.4. In short, a user can cause HAProxy to parse contents out
of a buffer by sending multiple gigs of carefully crafted chunks faster
than the target server can read them. No memory write is performed during
this phase, but the process may crash when tring to parse chunked data
out of the request buffer.

All the details and the patch are available here :

   http://git.haproxy.org/?p=haproxy-1.5.git;a=commitdiff;h=b4d05093bc89f71377230228007e69a1434c1a0c

The fix was included in 1.5.4.

Thanks,
Willy