Lucene search
+L

506 matches found

CNVD
CNVD
added 2020/04/03 12:0 a.m.2 views

HAProxy Buffer Overflow Vulnerability

HAProxy is an open source TCP/HTTP load balancing server from the French company HAProxy. The server provides 4-layer and 7-layer proxy , and can support tens of thousands of level of connections , with high efficiency , stability and other characteristics . A security vulnerability exists in the...

8.8CVSS7.8AI score0.60727EPSS
Exploits0
NVD
NVD
added 2020/04/02 3:15 p.m.17 views

CVE-2020-11100

In hpackdhtinsert in hpack-tbl.c in the HPACK decoder in HAProxy 1.8 through 2.x before 2.1.4, a remote attacker can write arbitrary bytes around a certain location on the heap via a crafted HTTP/2 request, possibly causing remote code execution...

8.8CVSS8.8AI score0.60727EPSS
Exploits0References14
OSV
OSV
added 2020/04/02 3:15 p.m.31 views

CVE-2020-11100

In hpackdhtinsert in hpack-tbl.c in the HPACK decoder in HAProxy 1.8 through 2.x before 2.1.4, a remote attacker can write arbitrary bytes around a certain location on the heap via a crafted HTTP/2 request, possibly causing remote code execution...

8.8CVSS4.8AI score
Exploits0References14
Prion
Prion
added 2020/04/02 3:15 p.m.20 views

Remote code execution

In hpackdhtinsert in hpack-tbl.c in the HPACK decoder in HAProxy 1.8 through 2.x before 2.1.4, a remote attacker can write arbitrary bytes around a certain location on the heap via a crafted HTTP/2 request, possibly causing remote code execution...

6.5CVSS8.7AI score0.60727EPSS
Exploits0References14Affected Software6
EUVD
EUVD
added 2020/04/02 2:23 p.m.4 views

EUVD-2020-3458

In hpackdhtinsert in hpack-tbl.c in the HPACK decoder in HAProxy 1.8 through 2.x before 2.1.4, a remote attacker can write arbitrary bytes around a certain location on the heap via a crafted HTTP/2 request, possibly causing remote code execution...

8.8CVSS7.7AI score0.60727EPSS
Exploits0References24
Debian CVE
Debian CVE
added 2020/04/02 2:23 p.m.30 views

CVE-2020-11100

In hpackdhtinsert in hpack-tbl.c in the HPACK decoder in HAProxy 1.8 through 2.x before 2.1.4, a remote attacker can write arbitrary bytes around a certain location on the heap via a crafted HTTP/2 request, possibly causing remote code execution...

8.8CVSS7.9AI score0.60727EPSS
Exploits0
Cvelist
Cvelist
added 2020/04/02 2:23 p.m.27 views

CVE-2020-11100

In hpackdhtinsert in hpack-tbl.c in the HPACK decoder in HAProxy 1.8 through 2.x before 2.1.4, a remote attacker can write arbitrary bytes around a certain location on the heap via a crafted HTTP/2 request, possibly causing remote code execution...

8.8AI score0.60727EPSS
Exploits0References14
CVE
CVE
added 2020/04/02 2:23 p.m.301 views

CVE-2020-11100

HAProxy CVE-2020-11100 involves an out-of-bounds write in the HPACK decoder ({Hpack_dht_insert} in {hpack-tbl.c}) that could allow a remote attacker to execute code via a crafted HTTP/2 request. Amazon Linux 2 advisory ALAS2HAPROXY2-2023-006 confirms the fix in haproxy2 2.1.4-1 (haproxy2 package)...

8.8CVSS8.7AI score0.60727EPSS
Exploits0References14Affected Software1
AlpineLinux
AlpineLinux
added 2020/04/02 2:23 p.m.42 views

CVE-2020-11100

In hpackdhtinsert in hpack-tbl.c in the HPACK decoder in HAProxy 1.8 through 2.x before 2.1.4, a remote attacker can write arbitrary bytes around a certain location on the heap via a crafted HTTP/2 request, possibly causing remote code execution...

8.8CVSS9AI score0.60727EPSS
Exploits0
ATTACKERKB
ATTACKERKB
added 2020/04/02 12:0 a.m.28 views

CVE-2020-11100

In hpackdhtinsert in hpack-tbl.c in the HPACK decoder in HAProxy 1.8 through 2.x before 2.1.4, a remote attacker can write arbitrary bytes around a certain location on the heap via a crafted HTTP/2 request, possibly causing remote code execution. Recent assessments: 3dcyber at April 23, 2020 1:18...

8.8CVSS1.6AI score0.60727EPSS
Exploits0References19
FreeBSD
FreeBSD
added 2020/04/02 12:0 a.m.70 views

HAproxy -- serious vulnerability affecting the HPACK decoder used for HTTP/2

The HAproxy Project reports: The main driver for this release is that it contains a fix for a serious vulnerability that was responsibly reported last week by Felix Wilhelm from Google Project Zero, affecting the HPACK decoder used for HTTP/2. CVE-2020-11100 was assigned to this issue...

8.8CVSS1.2AI score0.60727EPSS
Exploits0References4
NVD
NVD
added 2019/12/04 5:16 p.m.28 views

CVE-2019-11940

In the course of decompressing HPACK inside the HTTP2 protocol, an unexpected sequence of header table resize operations can place the header table into a corrupted state, leading to a use-after-free condition and undefined behavior. This issue affects Proxygen from v0.29.0 until v2017.04.03.00...

9.8CVSS9.5AI score0.01364EPSS
Exploits0References2
OSV
OSV
added 2019/12/04 5:16 p.m.28 views

CVE-2019-11940

In the course of decompressing HPACK inside the HTTP2 protocol, an unexpected sequence of header table resize operations can place the header table into a corrupted state, leading to a use-after-free condition and undefined behavior. This issue affects Proxygen from v0.29.0 until v2017.04.03.00...

9.8CVSS6.9AI score0.01364EPSS
Exploits0References2
Prion
Prion
added 2019/12/04 5:16 p.m.23 views

Design/Logic Flaw

In the course of decompressing HPACK inside the HTTP2 protocol, an unexpected sequence of header table resize operations can place the header table into a corrupted state, leading to a use-after-free condition and undefined behavior. This issue affects Proxygen from v0.29.0 until v2017.04.03.00...

7.5CVSS9.3AI score0.01364EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2019/12/04 4:30 p.m.32 views

CVE-2019-11940

In the course of decompressing HPACK inside the HTTP2 protocol, an unexpected sequence of header table resize operations can place the header table into a corrupted state, leading to a use-after-free condition and undefined behavior. This issue affects Proxygen from v0.29.0 until v2017.04.03.00...

9.5AI score0.01364EPSS
Exploits0References2
vulnersOsv
vulnersOsv
added 2019/07/05 9:11 p.m.21 views

h2 (=1.0.0) potentially affected by CVE-2016-6581 via hpack (=1.1.0)

hpack PYPI version =1.1.0 is affected by a known vulnerability. The following packages have a transitive dependency on hpack and may be impacted: - h2 =1.0.0 Source cves: CVE-2016-6581 Source advisory: OSV:GHSA-FFQ8-576R-V26G...

7.8CVSS7.1AI score0.01757EPSS
Exploits0
OSV
OSV
added 2019/07/05 9:11 p.m.30 views

GHSA-FFQ8-576R-V26G HPACK Denial of Service vulnerability (HPACK Bomb)

A HTTP/2 implementation built using any version of the Python HPACK library between v1.0.0 and v2.2.0 could be targeted for a denial of service attack, specifically a so-called "HPACK Bomb" attack. This attack occurs when an attacker inserts a header field that is exactly the size of the HPACK...

8.7CVSS7.3AI score0.01757EPSS
Exploits0References7
Veracode
Veracode
added 2019/01/15 9:26 a.m.30 views

Denial Of Service (DoS)

haproxy is vulnerable to denial of service. An out-of-bounds read in the hpackvalididx function in HPACK decoder used for HTTP/2 allows a remote attacker to crash the service...

7.5CVSS7.2AI score0.03009EPSS
Exploits0References6Affected Software16
RedHat Linux
RedHat Linux
added 2019/01/10 8:55 a.m.5 views

haproxy: Out-of-bounds read in HPACK decoder

A flaw was discovered in the HPACK decoder of haproxy, before 1.8.14, that is used for HTTP/2. An out-of-bounds read access in hpackvalididx resulted in a remote crash and denial of service...

7.5CVSS7.2AI score0.03009EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2018/11/11 4:39 p.m.6 views

haproxy: Out-of-bounds read in HPACK decoder

A flaw was discovered in the HPACK decoder of haproxy, before 1.8.14, that is used for HTTP/2. An out-of-bounds read access in hpackvalididx resulted in a remote crash and denial of service...

7.5CVSS7.2AI score0.03009EPSS
Exploits0References5
Rows per page
Query Builder