VYPR

rpm package

opensuse/haproxy&distro=openSUSE Leap 15.1

pkg:rpm/opensuse/haproxy&distro=openSUSE%20Leap%2015.1

Vulnerabilities (3)

  • CVE-2020-11100Apr 2, 2020
    affected < 2.0.10+git0.ac198b92-lp151.2.9.1fixed 2.0.10+git0.ac198b92-lp151.2.9.1

    In hpack_dht_insert in hpack-tbl.c in the HPACK decoder in HAProxy 1.8 through 2.x before 2.1.4, a remote attacker can write arbitrary bytes around a certain location on the heap via a crafted HTTP/2 request, possibly causing remote code execution.

  • CVE-2019-18277Oct 23, 2019
    affected < 2.0.10+git0.ac198b92-lp151.2.6.1fixed 2.0.10+git0.ac198b92-lp151.2.6.1

    A flaw was found in HAProxy before 2.0.6. In legacy mode, messages featuring a transfer-encoding header missing the "chunked" value were not being correctly rejected. The impact was limited but if combined with the "http-reuse always" setting, it could be used to help construct a

  • CVE-2019-14241Jul 23, 2019
    affected < 2.0.5+git0.d905f49a-lp151.2.3.1fixed 2.0.5+git0.d905f49a-lp151.2.3.1

    HAProxy through 2.0.2 allows attackers to cause a denial of service (ha_panic) via vectors related to htx_manage_client_side_cookies in proto_htx.c.