| CNNVD-ID编号 | CNNVD-202004-069 | CVE编号 | CVE-2020-11100 |
| 发布时间 | 2020-04-02 | 更新时间 | 2020-12-25 |
| 漏洞类型 | 缓冲区错误 | 漏洞来源 | Ubuntu,Red Hat,Gentoo |
| 危险等级 | 高危 | 威胁类型 | 远程 |
| 厂商 | N/A | ||
HAProxy是法国HAProxy公司的一款开源的TCP/HTTP负载均衡服务器。该服务器提供4层、7层代理,并能支持上万级别的连接,具有高效、稳定等特点。
HAProxy 1.8版本至2.x版本(2.1.4版本已修复)中的HPACK解码器的hpack-tbl.c文件的hpack_dht_insert存在安全漏洞。远程攻击者可借助特制的HTTP/2请求利用该漏洞执行代码。
目前厂商已发布升级了HAProxy 缓冲区错误漏洞的补丁,HAProxy 缓冲区错误漏洞的补丁获取链接:
https://www.haproxy.org/download/2.1/src/CHANGELOG
来源:DEBIAN
来源:CONFIRM
来源:MISC
来源:FEDORA
来源:CONFIRM
来源:CONFIRM
来源:CONFIRM
链接:https://www.mail-archive.com/haproxy@formilux.org/msg36876.html
来源:GENTOO
来源:MISC
链接:https://packetstormsecurity.com/files/157323/haproxy-hpack-tbl.c-Out-Of-Bounds-Write.html
来源:FEDORA
来源:CONFIRM
链接:https://lists.debian.org/debian-security-announce/2020/msg00052.html
来源:SUSE
链接:http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00002.html
来源:CONFIRM
链接:https://git.haproxy.org/?p=haproxy.git;a=commit;h=5dfc5d5cd0d2128d77253ead3acf03a421ab5b88
来源:UBUNTU
来源:packetstormsecurity.com
链接:https://packetstormsecurity.com/files/157536/Red-Hat-Security-Advisory-2020-1936-01.html
来源:www.auscert.org.au
来源:vigilance.fr
链接:https://vigilance.fr/vulnerability/HAProxy-memory-corruption-via-hpack-dht-insert-31930
来源:www.auscert.org.au
来源:packetstormsecurity.com
链接:https://packetstormsecurity.com/files/157151/Ubuntu-Security-Notice-USN-4321-1.html
来源:packetstormsecurity.com
链接:https://packetstormsecurity.com/files/157067/Red-Hat-Security-Advisory-2020-1289-01.html
来源:packetstormsecurity.com
链接:https://packetstormsecurity.com/files/157323/haproxy-hpack-tbl.c-Out-Of-Bounds-Write.html
来源:access.redhat.com
来源:www.auscert.org.au
来源:packetstormsecurity.com
链接:https://packetstormsecurity.com/files/160715/Gentoo-Linux-Security-Advisory-202012-22.html
来源:packetstormsecurity.com
链接:https://packetstormsecurity.com/files/157162/Red-Hat-Security-Advisory-2020-1287-01.html
来源:nvd.nist.gov
来源:www.auscert.org.au
来源:www.auscert.org.au
暂无
计算
安全
数据库
网络和加速
企业服务
