CVSSv3: 8.8

CVE-2020-11100

Published: 02/04/2020 Updated: 07/11/2023
CVSS v2 Base Score: 6.5 | Impact Score: 6.4 | Exploitability Score: 8
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 578
CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

Vulnerability Summary

In hpack_dht_insert in hpack-tbl.c in the HPACK decoder in HAProxy 1.8 up to and including 2.x prior to 2.1.4, a remote attacker can write arbitrary bytes around a certain location on the heap via a crafted HTTP/2 request, possibly causing remote code execution.

Vulnerable Products

haproxy haproxy

debian debian linux 10.0

redhat openshift container platform 3.11

redhat openshift container platform 4.0

fedoraproject fedora 30

fedoraproject fedora 31

canonical ubuntu linux 18.04

canonical ubuntu linux 19.10

opensuse leap 15.1

Vendor Advisories

HAProxy could be made to execute arbitrary code if it received a specially crafted HTTP/2 request ...
Felix Wilhelm of Google Project Zero discovered that HAProxy, a TCP/HTTP reverse proxy, did not properly handle HTTP/2 headers. This would allow an attacker to write arbitrary bytes around a certain location on the heap, resulting in denial-of-service or potential arbitrary code execution. For the stable distribution (buster), this problem has been ...
Synopsis: Critical: haproxy security update. Type/Severity: Security Advisory: Critical. Topic: An update for haproxy is now available for Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability ...
Synopsis: Critical: haproxy security update. Type/Severity: Security Advisory: Critical. Topic: An update for haproxy is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, wh ...
Synopsis: Critical: rh-haproxy18-haproxy security update. Type/Severity: Security Advisory: Critical. Topic: An update for rh-haproxy18-haproxy is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring ...
Synopsis: Critical: OpenShift Container Platform 3.11 security update. Type/Severity: Security Advisory: Critical. Topic: Red Hat OpenShift Container Platform release 3.11.200 is now available with updates to packages and images that fix several bugs. Red Hat Product Security has rated this update as having a secu ...
In hpack_dht_insert in hpack-tbl.c in the HPACK decoder in HAProxy 1.8 through 2.x before 2.1.4, a remote attacker can write arbitrary bytes around a certain location on the heap via a crafted HTTP/2 request, possibly causing remote code execution (CVE-2020-11100) ...
An out-of-bounds memory write has been found in HAProxy before 2.1.4, in the HPACK table management code ...