|Max CVSS||7.5||Min CVSS||6.5||Total Count||2|
|ID||CVSS||Summary||Last (major) update||Published|
In hpack_dht_insert in hpack-tbl.c in the HPACK decoder in HAProxy 1.8 through 2.x before 2.1.4, a remote attacker can write arbitrary bytes around a certain location on the heap via a crafted HTTP/2 request, possibly causing remote code execution.
|24-12-2020 - 16:15||02-04-2020 - 15:15|
The HTTP/2 implementation in HAProxy before 2.0.10 mishandles headers, as demonstrated by carriage return (CR, ASCII 0xd), line feed (LF, ASCII 0xa), and the zero character (NUL, ASCII 0x0), aka Intermediary Encapsulation Attacks.
|01-04-2020 - 21:15||27-11-2019 - 16:15|