CVE-2020-11100

In hpackdhtinsert in hpack-tbl.c in the HPACK decoder in HAProxy 1.8 through 2.x before 2.1.4, a remote attacker can write arbitrary bytes around a certain location on the heap via a crafted HTTP/2 request, possibly causing remote code execution.

References

Affected packages

Git / github.com/haproxy/haproxy

Affected ranges

Type

GIT

Repo

https://github.com/haproxy/haproxy

Events

Introduced

0b78792bbe61fec420e4e7298d145ec7d498f8f2

Fixed

1753cb544dd19714daecb9c6c4b0d07b6abf40f2

Database specific

{
    "versions": [
        {
            "introduced": "1.8.0"
        },
        {
            "fixed": "2.1.4"
        }
    ]
}

Affected versions

v1.*

v1.8.0

v1.9-dev0

v1.9-dev1

v1.9-dev10

v1.9-dev11

v1.9-dev2

v1.9-dev3

v1.9-dev4

v1.9-dev5

v1.9-dev6

v1.9-dev7

v1.9-dev8

v1.9-dev9

v1.9.0

v2.*

v2.0-dev0

v2.0-dev1

v2.0-dev2

v2.0-dev3

v2.0-dev4

v2.0-dev5

v2.0-dev6

v2.0-dev7

v2.0.0

v2.1-dev0

v2.1-dev1

v2.1-dev2

v2.1-dev3

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-11100.json"

unresolved_ranges

[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "10.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "3.11"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "4.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "30"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "31"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "18.04"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "19.10"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "15.1"
            }
        ]
    }
]