CVE-2019-19330

CRITICAL9.8EPSS 1.1%

haproxy - security update

發布日:2019/11/27修改日:2025/11/19

也稱為:ALPINE-CVE-2019-19330DEBIAN-CVE-2019-19330

描述

The HTTP/2 implementation in HAProxy before 2.0.10 mishandles headers, as demonstrated by carriage return (CR, ASCII 0xd), line feed (LF, ASCII 0xa), and the zero character (NUL, ASCII 0x0), aka Intermediary Encapsulation Attacks.

受影響套件(3)

Alpine/haproxyfrom 0, < 1.8.23
Debian/haproxyfrom 0, < 2.0.10-1
Debian/haproxyfrom 0, < 1.8.19-1+deb10u1

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 3.1	CRITICAL9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

參考連結(2)

ADVISORYhttps://security.alpinelinux.org/vuln/CVE-2019-19330
ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2019-19330