Описание
In hpack_dht_insert in hpack-tbl.c in the HPACK decoder in HAProxy 1.8 through 2.x before 2.1.4, a remote attacker can write arbitrary bytes around a certain location on the heap via a crafted HTTP/2 request, possibly causing remote code execution.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | released | 1.8.8-1ubuntu0.10 |
| devel | released | 2.0.13-2 |
| eoan | released | 2.0.5-1ubuntu0.4 |
| esm-infra-legacy/trusty | DNE | |
| esm-infra/bionic | released | 1.8.8-1ubuntu0.10 |
| esm-infra/xenial | not-affected | code not present |
| precise/esm | DNE | |
| trusty | ignored | end of standard support |
| trusty/esm | DNE | |
| upstream | released | 2.0.14 |
Показывать по
6.5 Medium
CVSS2
8.8 High
CVSS3
Связанные уязвимости
In hpack_dht_insert in hpack-tbl.c in the HPACK decoder in HAProxy 1.8 through 2.x before 2.1.4, a remote attacker can write arbitrary bytes around a certain location on the heap via a crafted HTTP/2 request, possibly causing remote code execution.
In hpack_dht_insert in hpack-tbl.c in the HPACK decoder in HAProxy 1.8 through 2.x before 2.1.4, a remote attacker can write arbitrary bytes around a certain location on the heap via a crafted HTTP/2 request, possibly causing remote code execution.
In hpack_dht_insert in hpack-tbl.c in the HPACK decoder in HAProxy 1.8 ...
6.5 Medium
CVSS2
8.8 High
CVSS3