What is CVE-2020-11100?

CVE-2020-11100 is a vulnerability in N/a. Published 2020-04-02.

Is CVE-2020-11100 known to be exploited?

2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2020-11100

In hpack_dht_insert in hpack-tbl.c in the HPACK decoder in HAProxy 1.8 through 2.x before 2.1.4, a remote attacker can write arbitrary bytes around a certain location on the heap via a crafted HTTP/2 request, possibly causing remote code e…

EPSS: 0.744 (98.9th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

References

www.haproxy.org (x_refsource_MISC)
www.haproxy.org/download/2.1/src/CHANGELOG (x_refsource_CONFIRM)
lists.debian.org/debian-security-announce/2020/msg00052.html (x_refsource_CONFIRM)
www.mail-archive.com/haproxy@formilux.org/msg36876.html (x_refsource_CONFIRM)
bugzilla.redhat.com/show_bug.cgi (x_refsource_CONFIRM)
git.haproxy.org/ (x_refsource_CONFIRM)
bugzilla.suse.com/show_bug.cgi (x_refsource_CONFIRM)
openSUSE-SU-2020:0444 (vendor-advisory, x_refsource_SUSE)
FEDORA-2020-16cd111544 (vendor-advisory, x_refsource_FEDORA)
DSA-4649 (vendor-advisory, x_refsource_DEBIAN)

Frequently asked questions

What is CVE-2020-11100?: CVE-2020-11100 is a vulnerability in N/a. Published 2020-04-02.
Is CVE-2020-11100 known to be exploited?: 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.