CVE-2020-11100

HAProxy CVE-2020-11100 involves an out-of-bounds write in the HPACK decoder ({Hpack_dht_insert} in {hpack-tbl.c}) that could allow a remote attacker to execute code via a crafted HTTP/2 request. Amazon Linux 2 advisory ALAS2HAPROXY2-2023-006 confirms the fix in haproxy2 2.1.4-1 (haproxy2 package)...

CVE-2020-11100

In hpackdhtinsert in hpack-tbl.c in the HPACK decoder in HAProxy 1.8 through 2.x before 2.1.4, a remote attacker can write arbitrary bytes around a certain location on the heap via a crafted HTTP/2 request, possibly causing remote code execution...

EUVD-2020-3458

In hpackdhtinsert in hpack-tbl.c in the HPACK decoder in HAProxy 1.8 through 2.x before 2.1.4, a remote attacker can write arbitrary bytes around a certain location on the heap via a crafted HTTP/2 request, possibly causing remote code execution...

CVE-2020-11100

In hpackdhtinsert in hpack-tbl.c in the HPACK decoder in HAProxy 1.8 through 2.x before 2.1.4, a remote attacker can write arbitrary bytes around a certain location on the heap via a crafted HTTP/2 request, possibly causing remote code execution...

HAproxy -- serious vulnerability affecting the HPACK decoder used for HTTP/2

The HAproxy Project reports: The main driver for this release is that it contains a fix for a serious vulnerability that was responsibly reported last week by Felix Wilhelm from Google Project Zero, affecting the HPACK decoder used for HTTP/2. CVE-2020-11100 was assigned to this issue...

CVE-2020-11100

In hpackdhtinsert in hpack-tbl.c in the HPACK decoder in HAProxy 1.8 through 2.x before 2.1.4, a remote attacker can write arbitrary bytes around a certain location on the heap via a crafted HTTP/2 request, possibly causing remote code execution. Recent assessments: 3dcyber at April 23, 2020 1:18...

openSUSE Security Update : opera (openSUSE-2020-402)

This update for opera fixes the following issues : Update to version 67.0.3575.97 - DNA-84063 Open URL in new tab with Go to web address in search/copy popup and right mouse click context menu - DNA-84780 Search in Search and Copy popup opens tab in wrong position from popup window - DNA-84786...

netty: HTTP request smuggling

A HTTP smuggling flaw was found in HttpObjectDecoder.java in Netty in versions prior to version 4.1.44. HTTP headers with an invalid fold, in this case CRLF carriage return, line feed without being followed by SP space or HTAB horizontal tab, result in situations where headers can be misread. Dat...

The vulnerability of the AVX2 decoder in Linux kernel allows a hacker to execute arbitrary code.

The vulnerability of the AVX2 decoder in Linux operating systems exists due to insufficient checking of input data. Exploiting this vulnerability can allow an attacker to execute arbitrary code...

Design/Logic Flaw

An issue was discovered in GitLab Enterprise Edition 8.3 through 12.0.2. The color codes decoder was vulnerable to a resource depletion attack if specific formats were used. It allows Uncontrolled Resource Consumption...

UBUNTU-CVE-2019-13010

An issue was discovered in GitLab Enterprise Edition 8.3 through 12.0.2. The color codes decoder was vulnerable to a resource depletion attack if specific formats were used. It allows Uncontrolled Resource Consumption...

xvid:fuzzer-decoder: Crash in image_setedges

Detailed Report: https://oss-fuzz.com/testcase?key=5641874074501120 Project: xvid Fuzzing Engine: libFuzzer Fuzz Target: fuzzer-decoder Job Type: libfuzzerasanxvid Platform Id: linux Crash Type: UNKNOWN READ Crash Address: 0x622100000a5f Crash State: imagesetedges decoderpframe decoderdecode...

VulnCheck KEV: CVE-2018-10115

Incorrect initialization logic of RAR decoder objects in 7-Zip 18.03 and before can lead to usage of uninitialized memory, allowing remote attackers to cause a denial of service segmentation fault or execute arbitrary code via a crafted RAR archive...

netty: HTTP request smuggling

A HTTP smuggling flaw was found in HttpObjectDecoder.java in Netty in versions prior to version 4.1.44. HTTP headers with an invalid fold, in this case CRLF carriage return, line feed without being followed by SP space or HTAB horizontal tab, result in situations where headers can be misread. Dat...

CVE-2014-1958

Buffer overflow in the DecodePSDPixels function in coders/psd.c in ImageMagick before 6.8.8-5 might allow remote attackers to execute arbitrary code via a crafted PSD image, involving the L%06ld string, a different vulnerability than CVE-2014-2030...

CVE-2020-8442

In OSSEC-HIDS 2.7 through 3.5.0, the server component responsible for log analysis ossec-analysisd is vulnerable to a heap-based buffer overflow in the rootcheck decoder component via an authenticated client...

CVE-2020-8442

In OSSEC-HIDS 2.7 through 3.5.0, the server component responsible for log analysis ossec-analysisd is vulnerable to a heap-based buffer overflow in the rootcheck decoder component via an authenticated client...

Heap overflow

In OSSEC-HIDS 2.7 through 3.5.0, the server component responsible for log analysis ossec-analysisd is vulnerable to a heap-based buffer overflow in the rootcheck decoder component via an authenticated client...

PT-2020-20142 · Trend Micro · Ossec-Hids

Name of the Vulnerable Software and Affected Versions: OSSEC-HIDS versions 2.7 through 3.5.0 Description: The server component responsible for log analysis, ossec-analysisd, is vulnerable to a heap-based buffer overflow in the rootcheck decoder component via an authenticated client...

PT-2020-6706 · Artifex +6 · Jbig2Dec +6

Name of the Vulnerable Software and Affected Versions: Artifex jbig2dec versions prior to 0.18 Description: The issue is related to a heap-based buffer overflow in the jbig2 image compose function of the jbig2 image.c component in the Jbig2dec decoder. This allows a remote attacker to access...