Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Haproxy
(Haproxy)Repositories | https://github.com/haproxy/haproxy |
#Vulnerabilities | 29 |
Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2023-11-28 | CVE-2023-45539 | HAProxy before 2.8.2 accepts # as part of the URI component, which might allow remote attackers to obtain sensitive information or have unspecified other impact upon misinterpretation of a path_end rule, such as routing index.html#.png to a static server. | Haproxy | 8.2 | ||
2012-05-27 | CVE-2012-2942 | Buffer overflow in the trash buffer in the header capture functionality in HAProxy before 1.4.21, when global.tune.bufsize is set to a value greater than the default and header rewriting is enabled, allows remote attackers to cause a denial of service and possibly execute arbitrary code via unspecified vectors. | Haproxy | N/A | ||
2014-09-30 | CVE-2014-6269 | Multiple integer overflows in the http_request_forward_body function in proto_http.c in HAProxy 1.5-dev23 before 1.5.4 allow remote attackers to cause a denial of service (crash) via a large stream of data, which triggers a buffer overflow and an out-of-bounds read. | Haproxy | N/A | ||
2016-06-30 | CVE-2016-5360 | HAproxy 1.6.x before 1.6.6, when a deny comes from a reqdeny rule, allows remote attackers to cause a denial of service (uninitialized memory access and crash) or possibly have unspecified other impact via unknown vectors. | Ubuntu_linux, Haproxy | 7.5 | ||
2018-05-09 | CVE-2018-10184 | An issue was discovered in HAProxy before 1.8.8. The incoming H2 frame length was checked against the max_frame_size setting instead of being checked against the bufsize. The max_frame_size only applies to outgoing traffic and not to incoming, so if a large enough frame size is advertised in the SETTINGS frame, a wrapped frame will be defragmented into a temporary allocated buffer where the second fragment may overflow the heap by up to 16 kB. It is very unlikely that this can be exploited... | Haproxy, Enterprise_linux | 7.5 |