PT-2020-2138 · Haproxy+5 · Haproxy+5

Felix Wilhelm

Published

2020-04-02

Updated

2024-06-15

CVE-2020-11100

CVSS v2.0

9.0

High

Vector

AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions HAProxy versions 1.8 through 2.1.4

Description The issue is related to the hpack dht insert function in the HPACK decoder, which can be exploited by a remote attacker via a crafted HTTP/2 request. This could lead to writing arbitrary bytes around a certain location on the heap, possibly causing remote code execution. The vulnerability may allow an attacker to gain unauthorized access to confidential data, cause a denial of service, or impact data integrity.

Recommendations For HAProxy versions 1.8 through 2.1.4, update to version 2.1.4 or later to resolve the issue. As a temporary workaround, consider disabling HTTP/2 support until a patch is available. Restrict access to the hpack dht insert function in the HPACK decoder to minimize the risk of exploitation.

Exploit

Fix

RCE

Memory Corruption

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-787

Related Identifiers

ALT-PU-2021-1066

ALT-PU-2021-2130

ALT-PU-2023-5100

BDU:2020-02035

BIT-HAPROXY-2020-11100

CESA-2020_1288

CVE-2020-11100

DSA-4649-1

OPENSUSE-SU-2020:0444-1

OPENSUSE-SU-2020_0444-1

OPENSUSE-SU-2024:10839-1

RHSA-2020:1287

RHSA-2020:1288

RHSA-2020:1289

RHSA-2020:1290

RHSA-2020:1936

RHSA-2020_1288

SUSE-SU-2020:0851-1

SUSE-SU-2020:0852-1

SUSE-SU-2020_0851-1

SUSE-SU-2020_0852-1

USN-4321-1

Affected Products

Alt Linux

Centos

Haproxy

Red Hat

Suse

Ubuntu

PT-2020-2138 · Haproxy+5 · Haproxy+5

CVE-2020-11100

Weakness Enumeration

Related Identifiers

Affected Products

References · 62