[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

248392

 
 

909

 
 

195452

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2020-11100Date: (C)2020-04-08   (M)2023-12-22


In hpack_dht_insert in hpack-tbl.c in the HPACK decoder in HAProxy 1.8 through 2.x before 2.1.4, a remote attacker can write arbitrary bytes around a certain location on the heap via a crafted HTTP/2 request, possibly causing remote code execution.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V3 Severity:CVSS V2 Severity:
CVSS Score : 8.8CVSS Score : 6.5
Exploit Score: 2.8Exploit Score: 8.0
Impact Score: 5.9Impact Score: 6.4
 
CVSS V3 Metrics:CVSS V2 Metrics:
Attack Vector: NETWORKAccess Vector: NETWORK
Attack Complexity: LOWAccess Complexity: LOW
Privileges Required: LOWAuthentication: SINGLE
User Interaction: NONEConfidentiality: PARTIAL
Scope: UNCHANGEDIntegrity: PARTIAL
Confidentiality: HIGHAvailability: PARTIAL
Integrity: HIGH 
Availability: HIGH 
  
Reference:
DSA-4649
FEDORA-2020-13fd8b1721
FEDORA-2020-16cd111544
GLSA-202012-22
USN-4321-1
http://packetstormsecurity.com/files/157323/haproxy-hpack-tbl.c-Out-Of-Bounds-Write.html
http://www.haproxy.org
https://bugzilla.redhat.com/show_bug.cgi?id=1819111
https://bugzilla.suse.com/show_bug.cgi?id=1168023
https://git.haproxy.org/?p=haproxy.git%3Ba=commit%3Bh=5dfc5d5cd0d2128d77253ead3acf03a421ab5b88
https://lists.debian.org/debian-security-announce/2020/msg00052.html
https://www.haproxy.org/download/2.1/src/CHANGELOG
https://www.mail-archive.com/haproxy%40formilux.org/msg36876.html
openSUSE-SU-2020:0444

CPE    2
cpe:/a:haproxy:haproxy
cpe:/o:canonical:ubuntu_linux:18.04::~~lts~~~
CWE    1
CWE-787
OVAL    11
oval:org.secpod.oval:def:63266
oval:org.secpod.oval:def:66536
oval:org.secpod.oval:def:503636
oval:org.secpod.oval:def:62703
...

© SecPod Technologies