8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
6.5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
haproxy is vulnerable to denial of service (DoS). The vulnerability exists through malformed HTTP/2 requests that can lead to out-of-bounds writes.
lists.opensuse.org/opensuse-security-announce/2020-04/msg00002.html
packetstormsecurity.com/files/157323/haproxy-hpack-tbl.c-Out-Of-Bounds-Write.html
www.haproxy.org
access.redhat.com/errata/RHSA-2020:1290
access.redhat.com/security/updates/classification/#critical
access.redhat.com/security/vulnerabilities/haproxy
bugzilla.redhat.com/show_bug.cgi?id=1819111
bugzilla.suse.com/show_bug.cgi?id=1168023
git.haproxy.org/?p=haproxy.git;a=commit;h=5dfc5d5cd0d2128d77253ead3acf03a421ab5b88
lists.debian.org/debian-security-announce/2020/msg00052.html
lists.fedoraproject.org/archives/list/[email protected]/message/264C7UL3X7L7QE74ZJ557IOUFS3J4QQC/
lists.fedoraproject.org/archives/list/[email protected]/message/MNW5RZLIX7LOXRLV7WMHX22CI43XSXKW/
security.gentoo.org/glsa/202012-22
usn.ubuntu.com/4321-1/
www.debian.org/security/2020/dsa-4649
www.haproxy.org/download/2.1/src/CHANGELOG
www.mail-archive.com/[email protected]/msg36876.html
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
6.5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P