CVE-2019-19330
N/A
N/A
Summary
The HTTP/2 implementation in HAProxy before 2.0.10 mishandles headers, as demonstrated by carriage return (CR, ASCII 0xd), line feed (LF, ASCII 0xa), and the zero character (NUL, ASCII 0x0), aka Intermediary Encapsulation Attacks.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- https://git.haproxy.org/?p=haproxy.git%3Ba=commit%3Bh=54f53ef7ce4102be596130b44c768d1818570344
- https://git.haproxy.org/?p=haproxy.git%3Ba=commit%3Bh=146f53ae7e97dbfe496d0445c2802dd0a30b0878
- https://git.haproxy.org/?p=haproxy-2.0.git%3Ba=commit%3Bh=ac198b92d461515551b95daae20954b3053ce87e
- https://tools.ietf.org/html/rfc7540#section-10.3
- https://www.debian.org/security/2019/dsa-4577
- https://seclists.org/bugtraq/2019/Nov/45
- https://usn.ubuntu.com/4212-1/
- https://security.gentoo.org/glsa/202004-01
References
- https://git.haproxy.org/?p=haproxy.git%3Ba=commit%3Bh=54f53ef7ce4102be596130b44c768d1818570344
- https://git.haproxy.org/?p=haproxy.git%3Ba=commit%3Bh=146f53ae7e97dbfe496d0445c2802dd0a30b0878
- https://git.haproxy.org/?p=haproxy-2.0.git%3Ba=commit%3Bh=ac198b92d461515551b95daae20954b3053ce87e
- https://tools.ietf.org/html/rfc7540#section-10.3
- https://www.debian.org/security/2019/dsa-4577
- https://seclists.org/bugtraq/2019/Nov/45
- https://usn.ubuntu.com/4212-1/
- https://security.gentoo.org/glsa/202004-01
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.