CVE-2020-11100

CVE Database · CVE-2020-11100

CVE-2020-11100

· HIGHModified

CVSS v3.1

8.8

EPSS

60.73%

Published

Apr 2, 2020

Modified

Nov 21, 2024

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

In hpack_dht_insert in hpack-tbl.c in the HPACK decoder in HAProxy 1.8 through 2.x before 2.1.4, a remote attacker can write arbitrary bytes around a certain location on the heap via a crafted HTTP/2 request, possibly causing remote code execution.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Weaknesses (CWE)

CWE-787

Affected Products (9)

haproxy · haproxy (up to 2.1.4)vulnerable

debian · debian_linuxvulnerable

redhat · openshift_container_platformvulnerable

fedoraproject · fedoravulnerable

canonical · ubuntu_linuxvulnerable

opensuse · leapvulnerable

References (20)

http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00002.html

Mailing ListThird Party Advisory

http://packetstormsecurity.com/files/157323/haproxy-hpack-tbl.c-Out-Of-Bounds-Write.html

Third Party AdvisoryVDB Entry

http://www.haproxy.org

Vendor Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=1819111

Issue TrackingThird Party Advisory

https://bugzilla.suse.com/show_bug.cgi?id=1168023

Issue TrackingThird Party Advisory

https://git.haproxy.org/?p=haproxy.git%3Ba=commit%3Bh=5dfc5d5cd0d2128d77253ead3acf03a421ab5b88

KEV Catalog EPSS Scores Vendors All CVEs