ID CVE-2020-11100
Summary In hpack_dht_insert in hpack-tbl.c in the HPACK decoder in HAProxy 1.8 through 2.x before 2.1.4, a remote attacker can write arbitrary bytes around a certain location on the heap via a crafted HTTP/2 request, possibly causing remote code execution.
References
Vulnerable Configurations
  • cpe:2.3:a:haproxy:haproxy:1.8.0:*:*:*:*:*:*:*
    cpe:2.3:a:haproxy:haproxy:1.8.0:*:*:*:*:*:*:*
  • cpe:2.3:a:haproxy:haproxy:1.8.1:*:*:*:*:*:*:*
    cpe:2.3:a:haproxy:haproxy:1.8.1:*:*:*:*:*:*:*
  • cpe:2.3:a:haproxy:haproxy:1.8.2:*:*:*:*:*:*:*
    cpe:2.3:a:haproxy:haproxy:1.8.2:*:*:*:*:*:*:*
  • cpe:2.3:a:haproxy:haproxy:1.8.3:*:*:*:*:*:*:*
    cpe:2.3:a:haproxy:haproxy:1.8.3:*:*:*:*:*:*:*
  • cpe:2.3:a:haproxy:haproxy:1.8.4:*:*:*:*:*:*:*
    cpe:2.3:a:haproxy:haproxy:1.8.4:*:*:*:*:*:*:*
  • cpe:2.3:a:haproxy:haproxy:1.8.5:*:*:*:*:*:*:*
    cpe:2.3:a:haproxy:haproxy:1.8.5:*:*:*:*:*:*:*
  • cpe:2.3:a:haproxy:haproxy:1.8.6:*:*:*:*:*:*:*
    cpe:2.3:a:haproxy:haproxy:1.8.6:*:*:*:*:*:*:*
  • cpe:2.3:a:haproxy:haproxy:1.8.7:*:*:*:*:*:*:*
    cpe:2.3:a:haproxy:haproxy:1.8.7:*:*:*:*:*:*:*
  • cpe:2.3:a:haproxy:haproxy:1.8.8:*:*:*:*:*:*:*
    cpe:2.3:a:haproxy:haproxy:1.8.8:*:*:*:*:*:*:*
  • cpe:2.3:a:haproxy:haproxy:1.8.9:*:*:*:*:*:*:*
    cpe:2.3:a:haproxy:haproxy:1.8.9:*:*:*:*:*:*:*
  • cpe:2.3:a:haproxy:haproxy:1.8.10:*:*:*:*:*:*:*
    cpe:2.3:a:haproxy:haproxy:1.8.10:*:*:*:*:*:*:*
  • cpe:2.3:a:haproxy:haproxy:1.8.11:*:*:*:*:*:*:*
    cpe:2.3:a:haproxy:haproxy:1.8.11:*:*:*:*:*:*:*
  • cpe:2.3:a:haproxy:haproxy:1.8.12:*:*:*:*:*:*:*
    cpe:2.3:a:haproxy:haproxy:1.8.12:*:*:*:*:*:*:*
  • cpe:2.3:a:haproxy:haproxy:1.8.13:*:*:*:*:*:*:*
    cpe:2.3:a:haproxy:haproxy:1.8.13:*:*:*:*:*:*:*
  • cpe:2.3:a:haproxy:haproxy:1.8.14:*:*:*:*:*:*:*
    cpe:2.3:a:haproxy:haproxy:1.8.14:*:*:*:*:*:*:*
  • cpe:2.3:a:haproxy:haproxy:1.8.15:*:*:*:*:*:*:*
    cpe:2.3:a:haproxy:haproxy:1.8.15:*:*:*:*:*:*:*
  • cpe:2.3:a:haproxy:haproxy:1.8.16:*:*:*:*:*:*:*
    cpe:2.3:a:haproxy:haproxy:1.8.16:*:*:*:*:*:*:*
  • cpe:2.3:a:haproxy:haproxy:1.8.17:*:*:*:*:*:*:*
    cpe:2.3:a:haproxy:haproxy:1.8.17:*:*:*:*:*:*:*
  • cpe:2.3:a:haproxy:haproxy:1.8.18:*:*:*:*:*:*:*
    cpe:2.3:a:haproxy:haproxy:1.8.18:*:*:*:*:*:*:*
  • cpe:2.3:a:haproxy:haproxy:1.8.19:*:*:*:*:*:*:*
    cpe:2.3:a:haproxy:haproxy:1.8.19:*:*:*:*:*:*:*
  • cpe:2.3:a:haproxy:haproxy:1.8.20:*:*:*:*:*:*:*
    cpe:2.3:a:haproxy:haproxy:1.8.20:*:*:*:*:*:*:*
  • cpe:2.3:a:haproxy:haproxy:1.8.21:*:*:*:*:*:*:*
    cpe:2.3:a:haproxy:haproxy:1.8.21:*:*:*:*:*:*:*
  • cpe:2.3:a:haproxy:haproxy:1.9.0:-:*:*:*:*:*:*
    cpe:2.3:a:haproxy:haproxy:1.9.0:-:*:*:*:*:*:*
  • cpe:2.3:a:haproxy:haproxy:1.9.0:dev0:*:*:*:*:*:*
    cpe:2.3:a:haproxy:haproxy:1.9.0:dev0:*:*:*:*:*:*
  • cpe:2.3:a:haproxy:haproxy:1.9.0:dev1:*:*:*:*:*:*
    cpe:2.3:a:haproxy:haproxy:1.9.0:dev1:*:*:*:*:*:*
  • cpe:2.3:a:haproxy:haproxy:1.9.0:dev10:*:*:*:*:*:*
    cpe:2.3:a:haproxy:haproxy:1.9.0:dev10:*:*:*:*:*:*
  • cpe:2.3:a:haproxy:haproxy:1.9.0:dev11:*:*:*:*:*:*
    cpe:2.3:a:haproxy:haproxy:1.9.0:dev11:*:*:*:*:*:*
  • cpe:2.3:a:haproxy:haproxy:1.9.0:dev2:*:*:*:*:*:*
    cpe:2.3:a:haproxy:haproxy:1.9.0:dev2:*:*:*:*:*:*
  • cpe:2.3:a:haproxy:haproxy:1.9.0:dev3:*:*:*:*:*:*
    cpe:2.3:a:haproxy:haproxy:1.9.0:dev3:*:*:*:*:*:*
  • cpe:2.3:a:haproxy:haproxy:1.9.0:dev4:*:*:*:*:*:*
    cpe:2.3:a:haproxy:haproxy:1.9.0:dev4:*:*:*:*:*:*
  • cpe:2.3:a:haproxy:haproxy:1.9.0:dev5:*:*:*:*:*:*
    cpe:2.3:a:haproxy:haproxy:1.9.0:dev5:*:*:*:*:*:*
  • cpe:2.3:a:haproxy:haproxy:1.9.0:dev6:*:*:*:*:*:*
    cpe:2.3:a:haproxy:haproxy:1.9.0:dev6:*:*:*:*:*:*
  • cpe:2.3:a:haproxy:haproxy:1.9.0:dev7:*:*:*:*:*:*
    cpe:2.3:a:haproxy:haproxy:1.9.0:dev7:*:*:*:*:*:*
  • cpe:2.3:a:haproxy:haproxy:1.9.0:dev8:*:*:*:*:*:*
    cpe:2.3:a:haproxy:haproxy:1.9.0:dev8:*:*:*:*:*:*
  • cpe:2.3:a:haproxy:haproxy:1.9.0:dev9:*:*:*:*:*:*
    cpe:2.3:a:haproxy:haproxy:1.9.0:dev9:*:*:*:*:*:*
  • cpe:2.3:a:haproxy:haproxy:1.9.1:*:*:*:*:*:*:*
    cpe:2.3:a:haproxy:haproxy:1.9.1:*:*:*:*:*:*:*
  • cpe:2.3:a:haproxy:haproxy:1.9.2:*:*:*:*:*:*:*
    cpe:2.3:a:haproxy:haproxy:1.9.2:*:*:*:*:*:*:*
  • cpe:2.3:a:haproxy:haproxy:1.9.3:*:*:*:*:*:*:*
    cpe:2.3:a:haproxy:haproxy:1.9.3:*:*:*:*:*:*:*
  • cpe:2.3:a:haproxy:haproxy:1.9.4:*:*:*:*:*:*:*
    cpe:2.3:a:haproxy:haproxy:1.9.4:*:*:*:*:*:*:*
  • cpe:2.3:a:haproxy:haproxy:1.9.5:*:*:*:*:*:*:*
    cpe:2.3:a:haproxy:haproxy:1.9.5:*:*:*:*:*:*:*
  • cpe:2.3:a:haproxy:haproxy:1.9.6:*:*:*:*:*:*:*
    cpe:2.3:a:haproxy:haproxy:1.9.6:*:*:*:*:*:*:*
  • cpe:2.3:a:haproxy:haproxy:1.9.7:*:*:*:*:*:*:*
    cpe:2.3:a:haproxy:haproxy:1.9.7:*:*:*:*:*:*:*
  • cpe:2.3:a:haproxy:haproxy:1.9.8:*:*:*:*:*:*:*
    cpe:2.3:a:haproxy:haproxy:1.9.8:*:*:*:*:*:*:*
  • cpe:2.3:a:haproxy:haproxy:1.9.9:*:*:*:*:*:*:*
    cpe:2.3:a:haproxy:haproxy:1.9.9:*:*:*:*:*:*:*
  • cpe:2.3:a:haproxy:haproxy:1.9.10:*:*:*:*:*:*:*
    cpe:2.3:a:haproxy:haproxy:1.9.10:*:*:*:*:*:*:*
  • cpe:2.3:a:haproxy:haproxy:2.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:haproxy:haproxy:2.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:haproxy:haproxy:2.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:haproxy:haproxy:2.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:haproxy:haproxy:2.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:haproxy:haproxy:2.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:haproxy:haproxy:2.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:haproxy:haproxy:2.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:haproxy:haproxy:2.0.4:*:*:*:*:*:*:*
    cpe:2.3:a:haproxy:haproxy:2.0.4:*:*:*:*:*:*:*
  • cpe:2.3:a:haproxy:haproxy:2.0.5:*:*:*:*:*:*:*
    cpe:2.3:a:haproxy:haproxy:2.0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:haproxy:haproxy:2.0.6:*:*:*:*:*:*:*
    cpe:2.3:a:haproxy:haproxy:2.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:haproxy:haproxy:2.0.7:*:*:*:*:*:*:*
    cpe:2.3:a:haproxy:haproxy:2.0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:haproxy:haproxy:2.0.8:*:*:*:*:*:*:*
    cpe:2.3:a:haproxy:haproxy:2.0.8:*:*:*:*:*:*:*
  • cpe:2.3:a:haproxy:haproxy:2.0.9:*:*:*:*:*:*:*
    cpe:2.3:a:haproxy:haproxy:2.0.9:*:*:*:*:*:*:*
  • cpe:2.3:a:haproxy:haproxy:2.0.10:*:*:*:*:*:*:*
    cpe:2.3:a:haproxy:haproxy:2.0.10:*:*:*:*:*:*:*
  • cpe:2.3:a:haproxy:haproxy:2.0.11:*:*:*:*:*:*:*
    cpe:2.3:a:haproxy:haproxy:2.0.11:*:*:*:*:*:*:*
  • cpe:2.3:a:haproxy:haproxy:2.0.14:*:*:*:*:*:*:*
    cpe:2.3:a:haproxy:haproxy:2.0.14:*:*:*:*:*:*:*
  • cpe:2.3:a:haproxy:haproxy:2.1.0:*:*:*:*:*:*:*
    cpe:2.3:a:haproxy:haproxy:2.1.0:*:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
    cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:openshift_container_platform:4.0:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:openshift_container_platform:4.0:*:*:*:*:*:*:*
CVSS
Base: 6.5 (as of 24-12-2020 - 16:15)
Impact:
Exploitability:
CWE CWE-787
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW SINGLE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:L/Au:S/C:P/I:P/A:P
redhat via4
advisories
bugzilla
id 1819111
title CVE-2020-11100 haproxy: malformed HTTP/2 requests can lead to out-of-bounds writes
oval
OR
  • comment Red Hat Enterprise Linux must be installed
    oval oval:com.redhat.rhba:tst:20070304026
  • AND
    • comment Red Hat Enterprise Linux 8 is installed
      oval oval:com.redhat.rhba:tst:20193384074
    • OR
      • AND
        • comment haproxy is earlier than 0:1.8.15-6.el8_1.1
          oval oval:com.redhat.rhsa:tst:20201288001
        • comment haproxy is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20130868002
      • AND
        • comment haproxy-debugsource is earlier than 0:1.8.15-6.el8_1.1
          oval oval:com.redhat.rhsa:tst:20201288003
        • comment haproxy-debugsource is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20201288004
rhsa
id RHSA-2020:1288
released 2020-04-02
severity Critical
title RHSA-2020:1288: haproxy security update (Critical)
rpms
  • haproxy-debuginfo-0:1.8.23-3.el7
  • haproxy18-0:1.8.23-3.el7
  • haproxy-0:1.8.15-6.el8_1.1
  • haproxy-debuginfo-0:1.8.15-6.el8_1.1
  • haproxy-debugsource-0:1.8.15-6.el8_1.1
  • haproxy-0:1.8.15-5.el8_0.1
  • haproxy-debuginfo-0:1.8.15-5.el8_0.1
  • haproxy-debugsource-0:1.8.15-5.el8_0.1
  • rh-haproxy18-haproxy-0:1.8.17-1.el7.1
  • rh-haproxy18-haproxy-debuginfo-0:1.8.17-1.el7.1
  • rh-haproxy18-haproxy-syspaths-0:1.8.17-1.el7.1
  • haproxy-debuginfo-0:2.0.13-3.el7
  • haproxy-debugsource-0:2.0.13-3.el8
  • haproxy20-0:2.0.13-3.el7
  • haproxy20-0:2.0.13-3.el8
  • haproxy20-debuginfo-0:2.0.13-3.el8
refmap via4
confirm
debian DSA-4649
fedora
  • FEDORA-2020-13fd8b1721
  • FEDORA-2020-16cd111544
gentoo GLSA-202012-22
misc
suse openSUSE-SU-2020:0444
ubuntu USN-4321-1
Last major update 24-12-2020 - 16:15
Published 02-04-2020 - 15:15
Last modified 24-12-2020 - 16:15
Back to Top