CVE-2019-19330
CRITICAL9.8EPSS 1.1%haproxy - security update
Published: 11/27/2019Modified: 4/28/2026
Description
The HTTP/2 implementation in HAProxy before 2.0.10 mishandles headers, as demonstrated by carriage return (CR, ASCII 0xd), line feed (LF, ASCII 0xa), and the zero character (NUL, ASCII 0x0), aka Intermediary Encapsulation Attacks.
Affected packages (3)
- Alpine/haproxyfrom 0, < 1.8.23
- Debian/haproxyfrom 0, < 2.0.10-1
- Debian/haproxyfrom 0, < 1.8.19-1+deb10u1
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | CRITICAL9.8 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |