1990 matches found

RedHat Linux
added 2020/04/02 1:41 p.m., 2 views

haproxy: malformed HTTP/2 requests can lead to out-of-bounds writes

A flaw was found in the way HAProxy processed certain HTTP/2 request packets. This flaw allows an attacker to send crafted HTTP/2 request packets, which cause memory corruption, leading to a crash or potential remote arbitrary code execution with the permissions of the user running HAProxy...

8.8 CVSS, 7.9 AI score, 0.74396 EPSS
Exploits 0, References 8
RedhatCVE
added 2020/04/02 1:25 p.m., 44 views

CVE-2020-11100

A flaw was found in the way HAProxy processed certain HTTP/2 request packets. This flaw allows an attacker to send crafted HTTP/2 request packets, which cause memory corruption, leading to a crash or potential remote arbitrary code execution with the permissions of the user running HAProxy...

8.8 CVSS, 1.2 AI score, 0.74396 EPSS
Exploits 0, References 6
Debian
added 2020/04/02 1:13 p.m., 66 views

[SECURITY] [DSA 4649-1] haproxy security update

Debian Security Advisory DSA-4649-1 [email protected] https://www.debian.org/security/ Sebastien Delafond April 02, 2020 https://www.debian.org/security/faq -...

8.8 CVSS, 8.7 AI score, 0.74396 EPSS
Exploits 0
Debian
added 2020/04/02 1:13 p.m., 22 views

[SECURITY] [DSA 4649-1] haproxy security update

Debian Security Advisory DSA-4649-1 [email protected] https://www.debian.org/security/ Sebastien Delafond April 02, 2020 https://www.debian.org/security/faq -...

6.5 CVSS, 2.4 AI score, 0.74396 EPSS
Exploits 0
OSV
added 2020/04/02 1:11 p.m., 4 views

SUSE-SU-2020:0852-1 Security update for haproxy

This update for haproxy fixes the following issues: - CVE-2020-11100: Fixed an H2/HPACK vulnerability which might have allowed arbitrary writes into a 32-bit relative address space bsc1168023...

8.8 CVSS, 8.6 AI score, 0.74396 EPSS
Exploits 0, References 3
OSV
added 2020/04/02 1:11 p.m., 3 views

SUSE-SU-2020:0851-1 Security update for haproxy

This update for haproxy fixes the following issues: - CVE-2020-11100: Fixed an H2/HPACK vulnerability which might have allowed arbitrary writes into a 32-bit relative address space bsc1168023...

8.8 CVSS, 8.6 AI score, 0.74396 EPSS
Exploits 0, References 3
UbuntuCve
added 2020/04/02 12:0 a.m., 19 views

CVE-2020-11100

In hpack_dht_insert in hpack-tbl.c in the HPACK decoder in HAProxy 1.8 through 2.x before 2.1.4, a remote attacker can write arbitrary bytes around a certain location on the heap via a crafted HTTP/2 request, possibly causing remote code execution...

8.8 CVSS, 7.2 AI score, 0.74396 EPSS
Exploits 0, References 3
FreeBSD
added 2020/04/02 12:0 a.m., 65 views

HAproxy -- serious vulnerability affecting the HPACK decoder used for HTTP/2

The HAproxy Project reports: The main driver for this release is that it contains a fix for a serious vulnerability that was responsibly reported last week by Felix Wilhelm from Google Project Zero, affecting the HPACK decoder used for HTTP/2. CVE-2020-11100 was assigned to this issue...

8.8 CVSS, 1.2 AI score, 0.74396 EPSS
Exploits 0, References 4
Tenable Nessus
added 2020/04/02 12:0 a.m., 59 views

GLSA-202004-01 : HAProxy: Remote execution of arbitrary code

The remote host is affected by the vulnerability described in GLSA-202004-01 HAProxy: Remote execution of arbitrary code It was discovered that HAProxy incorrectly handled certain HTTP/2 headers. Impact : A remote attacker could send a specially crafted HTTP/2 header, possibly resulting in...

9.8 CVSS, 7.9 AI score, 0.01056 EPSS
Exploits 0, References 2
OSV
added 2020/04/02 12:0 a.m., 1 views

UBUNTU-CVE-2020-11100

In hpack_dht_insert in hpack-tbl.c in the HPACK decoder in HAProxy 1.8 through 2.x before 2.1.4, a remote attacker can write arbitrary bytes around a certain location on the heap via a crafted HTTP/2 request, possibly causing remote code execution...

8.8 CVSS, 7.3 AI score, 0.74396 EPSS
Exploits 0, References 4
Tenable Nessus
added 2020/04/02 12:0 a.m., 33 views

RHEL 8 : haproxy (RHSA-2020:1289)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2020:1289 advisory. The haproxy packages provide a reliable, high-performance network load balancer for TCP and HTTP-based applications. Security Fixes: haproxy: malform...

8.8 CVSS, 7.3 AI score, 0.74396 EPSS
Exploits 0, References 6
ATTACKERKB
added 2020/04/02 12:0 a.m., 26 views

CVE-2020-11100

In hpack_dht_insert in hpack-tbl.c in the HPACK decoder in HAProxy 1.8 through 2.x before 2.1.4, a remote attacker can write arbitrary bytes around a certain location on the heap via a crafted HTTP/2 request, possibly causing remote code execution. Recent assessments: 3dcyber at April 23, 2020 1:18...

8.8 CVSS, 1.6 AI score, 0.74396 EPSS
Exploits 0, References 19
OSV
added 2020/04/02 12:0 a.m., 29 views

DSA-4649-1 haproxy - security update

Bulletin has no description...

8.8 CVSS, 8.7 AI score, 0.74396 EPSS
Exploits 0
Oracle linux
added 2020/04/02 12:0 a.m., 64 views

haproxy security update

1.8.15-6.1 - - Fix hapack zero byte input causing overwrite CVE-2020-11100, 1819518 1.8.15-6 - Add gating tests 1682106...

8.8 CVSS, 1.3 AI score, 0.74396 EPSS
Exploits 0
Tenable Nessus
added 2020/04/02 12:0 a.m., 30 views

RHEL 8 : haproxy (RHSA-2020:1288)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2020:1288 advisory. The haproxy packages provide a reliable, high-performance network load balancer for TCP and HTTP-based applications. Security Fixes: haproxy: malform...

8.8 CVSS, 7.3 AI score, 0.74396 EPSS
Exploits 0, References 6
Gentoo Linux
added 2020/04/01 12:0 a.m., 36 views

HAProxy: Remote execution of arbitrary code

Background HAProxy is a TCP/HTTP reverse proxy for high availability environments. Description It was discovered that HAProxy incorrectly handled certain HTTP/2 headers. Impact A remote attacker could send a specially crafted HTTP/2 header, possibly resulting in execution of arbitrary code with t...

9.8 CVSS, 4.2 AI score, 0.01056 EPSS
Exploits 0
OpenVAS
added 2020/02/24 12:0 a.m., 23 views

Huawei EulerOS: Security Advisory for haproxy (EulerOS-SA-2020-1105)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5 CVSS, 7.7 AI score, 0.02818 EPSS
Exploits 1, References 2
Tenable Nessus
added 2020/02/24 12:0 a.m., 28 views

EulerOS 2.0 SP5 : haproxy (EulerOS-SA-2020-1105)

According to the version of the haproxy package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - A flaw was found in HAProxy before 2.0.6. In legacy mode, messages featuring a transfer-encoding header missing the 'chunked' value were not being...

7.5 CVSS, 6.8 AI score, 0.02818 EPSS
Exploits 1, References 2
OpenVAS
added 2020/01/23 12:0 a.m., 23 views

Huawei EulerOS: Security Advisory for haproxy (EulerOS-SA-2019-2329)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5 CVSS, 7.7 AI score, 0.00143 EPSS
Exploits 0, References 2
OpenVAS
added 2020/01/23 12:0 a.m., 33 views

Huawei EulerOS: Security Advisory for haproxy (EulerOS-SA-2019-1650)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5 CVSS, 7.7 AI score, 0.00143 EPSS
Exploits 0, References 2