CVE-2019-19330

Published: Nov 27, 2019

Modified: Aug 5, 2024

PUBLISHED

Description

The HTTP/2 implementation in HAProxy before 2.0.10 mishandles headers, as demonstrated by carriage return (CR, ASCII 0xd), line feed (LF, ASCII 0xa), and the zero character (NUL, ASCII 0x0), aka Intermediary Encapsulation Attacks.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://git.haproxy.org/?p=haproxy.git%3Ba=commit%3Bh=54f53ef7ce4102be596130b44c768d1818570344

x_refsource_MISC

https://git.haproxy.org/?p=haproxy.git%3Ba=commit%3Bh=146f53ae7e97dbfe496d0445c2802dd0a30b0878

x_refsource_MISC

https://git.haproxy.org/?p=haproxy-2.0.git%3Ba=commit%3Bh=ac198b92d461515551b95daae20954b3053ce87e

x_refsource_MISC

https://tools.ietf.org/html/rfc7540#section-10.3

x_refsource_MISC

DSA-4577

vendor-advisory

x_refsource_DEBIAN

20191128 [SECURITY] [DSA 4577-1] haproxy security update

mailing-list

x_refsource_BUGTRAQ

USN-4212-1

vendor-advisory

x_refsource_UBUNTU

GLSA-202004-01

vendor-advisory

x_refsource_GENTOO

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2019-19330

Description

Affected Products

References