In hpack_dht_insert in hpack-tbl.c in the HPACK decoder in HAProxy 1.8 up to and including 2.x prior to 2.1.4, a remote attacker can write arbitrary bytes around a certain location on the heap via a crafted HTTP/2 request, possibly causing remote code execution.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
haproxy haproxy |
||
debian debian linux 10.0 |
||
redhat openshift container platform 3.11 |
||
redhat openshift container platform 4.0 |
||
fedoraproject fedora 30 |
||
fedoraproject fedora 31 |
||
canonical ubuntu linux 18.04 |
||
canonical ubuntu linux 19.10 |
||
opensuse leap 15.1 |