Intrusion PreventionHAProxy.HTTP2.HPACK.hpack-tbl.c.Out.of.Bound.Write
Description
This indicates an attack attempt to exploit a Use After Free Vulnerability in HAProxy.
The vulnerability is due to improper checking of total header lengths in hpack_dht_insert in hpack-tbl.c in the HPACK decoder when processing HPACK compressed packet headers. A remote, unauthenticated attacker can exploit this vulnerability by sending a crafted SETTINGS frame then a crafted HEADERS frame. Successful exploitation could result in the execution of arbitrary code under the security context of the user running HAproxy.
Affected Products
HAProxy HAProxy 1.8 through 2.x before 2.1.4
Impact
System Compromise: Remote attackers can gain control of vulnerable systems.
Recommended Actions
Apply the most recent upgrade or patch from the vendor.
https://www.mail-archive.com/haproxy@formilux.org/msg36876.html
Telemetry
Coverage
| IPS (Regular DB) | |
| IPS (Extended DB) |
Version Updates
| Date | Version | Detail |
|---|---|---|
| 2023-11-07 | 26.672 | Sig Added |
| 2020-10-22 | 16.948 | Default_action:pass:drop |
| 2020-10-13 | 16.942 |
| ID | 49526 |
| Created | Oct 05, 2020 |
| Updated | Nov 14, 2023 |
| Risk |
|
| CVE ID | CVE-2020-11100 |
| Exploit Prediction Score | 2.8% |
| Default Action | drop |
| Active | |
| Affected OS | Linux, BSD, Solaris |
| Affected App | Other |