rpm package
opensuse/haproxy&distro=openSUSE Leap 15.1
pkg:rpm/opensuse/haproxy&distro=openSUSE%20Leap%2015.1
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2020-11100 | — | < 2.0.10+git0.ac198b92-lp151.2.9.1 | 2.0.10+git0.ac198b92-lp151.2.9.1 | Apr 2, 2020 | In hpack_dht_insert in hpack-tbl.c in the HPACK decoder in HAProxy 1.8 through 2.x before 2.1.4, a remote attacker can write arbitrary bytes around a certain location on the heap via a crafted HTTP/2 request, possibly causing remote code execution. | ||
| CVE-2019-18277 | — | < 2.0.10+git0.ac198b92-lp151.2.6.1 | 2.0.10+git0.ac198b92-lp151.2.6.1 | Oct 23, 2019 | A flaw was found in HAProxy before 2.0.6. In legacy mode, messages featuring a transfer-encoding header missing the "chunked" value were not being correctly rejected. The impact was limited but if combined with the "http-reuse always" setting, it could be used to help construct a | ||
| CVE-2019-14241 | — | < 2.0.5+git0.d905f49a-lp151.2.3.1 | 2.0.5+git0.d905f49a-lp151.2.3.1 | Jul 23, 2019 | HAProxy through 2.0.2 allows attackers to cause a denial of service (ha_panic) via vectors related to htx_manage_client_side_cookies in proto_htx.c. |
- CVE-2020-11100Apr 2, 2020affected < 2.0.10+git0.ac198b92-lp151.2.9.1fixed 2.0.10+git0.ac198b92-lp151.2.9.1
In hpack_dht_insert in hpack-tbl.c in the HPACK decoder in HAProxy 1.8 through 2.x before 2.1.4, a remote attacker can write arbitrary bytes around a certain location on the heap via a crafted HTTP/2 request, possibly causing remote code execution.
- CVE-2019-18277Oct 23, 2019affected < 2.0.10+git0.ac198b92-lp151.2.6.1fixed 2.0.10+git0.ac198b92-lp151.2.6.1
A flaw was found in HAProxy before 2.0.6. In legacy mode, messages featuring a transfer-encoding header missing the "chunked" value were not being correctly rejected. The impact was limited but if combined with the "http-reuse always" setting, it could be used to help construct a
- CVE-2019-14241Jul 23, 2019affected < 2.0.5+git0.d905f49a-lp151.2.3.1fixed 2.0.5+git0.d905f49a-lp151.2.3.1
HAProxy through 2.0.2 allows attackers to cause a denial of service (ha_panic) via vectors related to htx_manage_client_side_cookies in proto_htx.c.