SonicALERT
Search

Sonicwall Signatures

 

Go to All Categories list.


  HAProxy HPACK Decoder Remote Code Execution 2

Category: WEB-ATTACKS      

In hpack_dht_insert in hpack-tbl.c in the HPACK decoder in HAProxy 1.8 through 2.x before 2.1.4, a remote attacker can write arbitrary bytes around a certain location on the heap via a crafted HTTP/2 request, possibly causing remote code execution.

References
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11100


Relevant Information