|Max CVSS||7.5||Min CVSS||4.3||Total Count||2|
|ID||CVSS||Summary||Last (major) update||Published|
In hpack_dht_insert in hpack-tbl.c in the HPACK decoder in HAProxy 1.8 through 2.x before 2.1.4, a remote attacker can write arbitrary bytes around a certain location on the heap via a crafted HTTP/2 request, possibly causing remote code execution.
|24-12-2020 - 16:15||02-04-2020 - 15:15|
A flaw was found in HAProxy before 2.0.6. In legacy mode, messages featuring a transfer-encoding header missing the "chunked" value were not being correctly rejected. The impact was limited but if combined with the "http-reuse always" setting, it cou
|24-08-2020 - 17:37||23-10-2019 - 14:15|
The HTTP/2 implementation in HAProxy before 2.0.10 mishandles headers, as demonstrated by carriage return (CR, ASCII 0xd), line feed (LF, ASCII 0xa), and the zero character (NUL, ASCII 0x0), aka Intermediary Encapsulation Attacks.
|01-04-2020 - 21:15||27-11-2019 - 16:15|