In hpack_dht_insert in hpack-tbl.c in the HPACK decoder in HAProxy 1.8 through 2.x before 2.1.4, a remote attacker can write arbitrary bytes around a certain location on the heap via a crafted HTTP/2 request, possibly causing remote code execution.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
|
Configuration 5 (hide)
|
Configuration 6 (hide)
|
History
07 Nov 2023, 03:14
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
06 Oct 2022, 20:51
Type | Values Removed | Values Added |
---|---|---|
First Time |
Fedoraproject fedora
Canonical ubuntu Linux Canonical Fedoraproject Opensuse leap Opensuse |
|
CPE | cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:* cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:* cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:* |
|
References | (MISC) http://packetstormsecurity.com/files/157323/haproxy-hpack-tbl.c-Out-Of-Bounds-Write.html - Third Party Advisory, VDB Entry | |
References | (SUSE) http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00002.html - Mailing List, Third Party Advisory | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MNW5RZLIX7LOXRLV7WMHX22CI43XSXKW/ - Mailing List, Third Party Advisory | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/264C7UL3X7L7QE74ZJ557IOUFS3J4QQC/ - Mailing List, Third Party Advisory | |
References | (GENTOO) https://security.gentoo.org/glsa/202012-22 - Third Party Advisory | |
References | (UBUNTU) https://usn.ubuntu.com/4321-1/ - Third Party Advisory | |
References | (DEBIAN) https://www.debian.org/security/2020/dsa-4649 - Third Party Advisory |
Information
Published : 2020-04-02 15:15
Updated : 2023-12-10 13:27
NVD link : CVE-2020-11100
Mitre link : CVE-2020-11100
CVE.ORG link : CVE-2020-11100
JSON object : View
Products Affected
haproxy
- haproxy
opensuse
- leap
redhat
- openshift_container_platform
debian
- debian_linux
canonical
- ubuntu_linux
fedoraproject
- fedora
CWE
CWE-787
Out-of-bounds Write