CVE-2020-11100

Published: Apr 2, 2020

Modified: Aug 4, 2024

PUBLISHED

Description

In hpack_dht_insert in hpack-tbl.c in the HPACK decoder in HAProxy 1.8 through 2.x before 2.1.4, a remote attacker can write arbitrary bytes around a certain location on the heap via a crafted HTTP/2 request, possibly causing remote code execution.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

http://www.haproxy.org

x_refsource_MISC

https://www.haproxy.org/download/2.1/src/CHANGELOG

x_refsource_CONFIRM

https://lists.debian.org/debian-security-announce/2020/msg00052.html

x_refsource_CONFIRM

https://www.mail-archive.com/haproxy%40formilux.org/msg36876.html

x_refsource_CONFIRM

https://bugzilla.redhat.com/show_bug.cgi?id=1819111

x_refsource_CONFIRM

https://git.haproxy.org/?p=haproxy.git%3Ba=commit%3Bh=5dfc5d5cd0d2128d77253ead3acf03a421ab5b88

x_refsource_CONFIRM

https://bugzilla.suse.com/show_bug.cgi?id=1168023

x_refsource_CONFIRM

openSUSE-SU-2020:0444

vendor-advisory

x_refsource_SUSE

FEDORA-2020-16cd111544

vendor-advisory

x_refsource_FEDORA

DSA-4649

vendor-advisory

x_refsource_DEBIAN

USN-4321-1

vendor-advisory

x_refsource_UBUNTU

http://packetstormsecurity.com/files/157323/haproxy-hpack-tbl.c-Out-Of-Bounds-Write.html

x_refsource_MISC

FEDORA-2020-13fd8b1721

vendor-advisory

x_refsource_FEDORA

GLSA-202012-22

vendor-advisory

x_refsource_GENTOO

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2020-11100

Description

Affected Products

References