HAProxy: Remote execution of arbitrary code

A vulnerability in HAProxy might lead to remote execution of arbitrary code.

haproxy 2020-04-01 2020-04-01 701842 remote 1.8.23 1.9.13 2.0.10 2.0.10

HAProxy is a TCP/HTTP reverse proxy for high availability environments.

It was discovered that HAProxy incorrectly handled certain HTTP/2 headers.

A remote attacker could send a specially crafted HTTP/2 header, possibly resulting in execution of arbitrary code with the privileges of the process or a Denial of Service condition.

There is no known workaround at this time.

All HAProxy 1.8.x users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=net-proxy/haproxy-1.8.23"

All HAProxy 1.9.x users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=net-proxy/haproxy-1.9.13"

All HAProxy 2.0.x users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=net-proxy/haproxy-2.0.10"
CVE-2019-19330 whissi whissi
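
To check a fleet against the per-branch upgrade targets above, the following added example (not part of the original advisory) classifies a HAProxy version string as fixed or vulnerable. The function names are hypothetical, the caller supplies the version string (for instance from the package manager), and branches other than 1.8, 1.9 and 2.0 are reported as unlisted because the advisory gives no fixed version for them.

```shell
#!/bin/sh
# Added example: classify a HAProxy version against the fixed versions
# named in this advisory (1.8.23, 1.9.13, 2.0.10).

# Print the fixed version for a branch the advisory lists, or nothing.
fixed_for_branch() {
    case "$1" in
        1.8) echo 1.8.23 ;;
        1.9) echo 1.9.13 ;;
        2.0) echo 2.0.10 ;;
    esac
}

# haproxy_glsa_status VERSION
# Prints one of: fixed | vulnerable | unlisted | invalid
haproxy_glsa_status() {
    # Drop a Gentoo revision or similar suffix, e.g. "1.9.13-r1" -> "1.9.13".
    ver=${1%%-*}
    case "$ver" in
        ''|*[!0-9.]*) echo invalid; return 0 ;;
    esac

    # Split on dots into major, minor, patch (a missing patch counts as 0).
    old_ifs=$IFS; IFS=.
    set -- $ver
    IFS=$old_ifs
    major=$1; minor=$2; patch=${3:-0}
    if [ -z "$major" ] || [ -z "$minor" ]; then echo invalid; return 0; fi

    fixed=$(fixed_for_branch "$major.$minor")
    if [ -z "$fixed" ]; then echo unlisted; return 0; fi

    # Compare patch levels numerically so that 9 sorts below 10.
    if [ "$patch" -ge "${fixed##*.}" ]; then
        echo fixed
    else
        echo vulnerable
    fi
}

# Constructed sample versions, one per case.
for v in 1.8.22 1.8.23 1.9.13-r1 2.0.9 2.0.10 2.1.3; do
    printf '%-10s %s\n' "$v" "$(haproxy_glsa_status "$v")"
done
```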