VYPR
Get started
← All advisories
Unrated severityNVD Advisory· Published Aug 19, 2013· Updated Apr 29, 2026

CVE-2013-2175

CVE-2013-2175

Description

HAProxy 1.4 before 1.4.24 and 1.5 before 1.5-dev19, when configured to use hdr_ip or other "hdr_*" functions with a negative occurrence count, allows remote attackers to cause a denial of service (negative array index usage and crash) via an HTTP header with a certain number of values, related to the MAX_HDR_HISTORY variable.

Affected products

51
  • Haproxy/Haproxy45 versions
    cpe:2.3:a:haproxy:haproxy:1.4:*:*:*:*:*:*:*+ 44 more
    • cpe:2.3:a:haproxy:haproxy:1.4:*:*:*:*:*:*:*
    • cpe:2.3:a:haproxy:haproxy:1.4.0:*:*:*:*:*:*:*
    • cpe:2.3:a:haproxy:haproxy:1.4.1:*:*:*:*:*:*:*
    • cpe:2.3:a:haproxy:haproxy:1.4.10:*:*:*:*:*:*:*
    • cpe:2.3:a:haproxy:haproxy:1.4.11:*:*:*:*:*:*:*
    • cpe:2.3:a:haproxy:haproxy:1.4.12:*:*:*:*:*:*:*
    • cpe:2.3:a:haproxy:haproxy:1.4.13:*:*:*:*:*:*:*
    • cpe:2.3:a:haproxy:haproxy:1.4.14:*:*:*:*:*:*:*
    • cpe:2.3:a:haproxy:haproxy:1.4.15:*:*:*:*:*:*:*
    • cpe:2.3:a:haproxy:haproxy:1.4.16:*:*:*:*:*:*:*
    • cpe:2.3:a:haproxy:haproxy:1.4.17:*:*:*:*:*:*:*
    • cpe:2.3:a:haproxy:haproxy:1.4.18:*:*:*:*:*:*:*
    • cpe:2.3:a:haproxy:haproxy:1.4.19:*:*:*:*:*:*:*
    • cpe:2.3:a:haproxy:haproxy:1.4.2:*:*:*:*:*:*:*
    • cpe:2.3:a:haproxy:haproxy:1.4.20:*:*:*:*:*:*:*
    • cpe:2.3:a:haproxy:haproxy:1.4.21:*:*:*:*:*:*:*
    • cpe:2.3:a:haproxy:haproxy:1.4.22:*:*:*:*:*:*:*
    • cpe:2.3:a:haproxy:haproxy:1.4.23:*:*:*:*:*:*:*
    • cpe:2.3:a:haproxy:haproxy:1.4.3:*:*:*:*:*:*:*
    • cpe:2.3:a:haproxy:haproxy:1.4.4:*:*:*:*:*:*:*
    • cpe:2.3:a:haproxy:haproxy:1.4.5:*:*:*:*:*:*:*
    • cpe:2.3:a:haproxy:haproxy:1.4.6:*:*:*:*:*:*:*
    • cpe:2.3:a:haproxy:haproxy:1.4.7:*:*:*:*:*:*:*
    • cpe:2.3:a:haproxy:haproxy:1.4.8:*:*:*:*:*:*:*
    • cpe:2.3:a:haproxy:haproxy:1.4.9:*:*:*:*:*:*:*
    • cpe:2.3:a:haproxy:haproxy:1.5:dev:*:*:*:*:*:*
    • cpe:2.3:a:haproxy:haproxy:1.5:dev0:*:*:*:*:*:*
    • cpe:2.3:a:haproxy:haproxy:1.5:dev1:*:*:*:*:*:*
    • cpe:2.3:a:haproxy:haproxy:1.5:dev10:*:*:*:*:*:*
    • cpe:2.3:a:haproxy:haproxy:1.5:dev11:*:*:*:*:*:*
    • cpe:2.3:a:haproxy:haproxy:1.5:dev12:*:*:*:*:*:*
    • cpe:2.3:a:haproxy:haproxy:1.5:dev13:*:*:*:*:*:*
    • cpe:2.3:a:haproxy:haproxy:1.5:dev14:*:*:*:*:*:*
    • cpe:2.3:a:haproxy:haproxy:1.5:dev15:*:*:*:*:*:*
    • cpe:2.3:a:haproxy:haproxy:1.5:dev16:*:*:*:*:*:*
    • cpe:2.3:a:haproxy:haproxy:1.5:dev17:*:*:*:*:*:*
    • cpe:2.3:a:haproxy:haproxy:1.5:dev18:*:*:*:*:*:*
    • cpe:2.3:a:haproxy:haproxy:1.5:dev2:*:*:*:*:*:*
    • cpe:2.3:a:haproxy:haproxy:1.5:dev3:*:*:*:*:*:*
    • cpe:2.3:a:haproxy:haproxy:1.5:dev4:*:*:*:*:*:*
    • cpe:2.3:a:haproxy:haproxy:1.5:dev5:*:*:*:*:*:*
    • cpe:2.3:a:haproxy:haproxy:1.5:dev6:*:*:*:*:*:*
    • cpe:2.3:a:haproxy:haproxy:1.5:dev7:*:*:*:*:*:*
    • cpe:2.3:a:haproxy:haproxy:1.5:dev8:*:*:*:*:*:*
    • cpe:2.3:a:haproxy:haproxy:1.5:dev9:*:*:*:*:*:*
  • Red Hat/Enterprise Linux Load Balancer2 versions
    cpe:2.3:a:redhat:enterprise_linux_load_balancer:6.0:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:redhat:enterprise_linux_load_balancer:6.0:*:*:*:*:*:*:*
    • cpe:2.3:a:redhat:enterprise_linux_load_balancer:6.4:*:*:*:*:*:*:*
  • Canonical (company)/Ubuntu Linux3 versions
    cpe:2.3:o:canonical:ubuntu_linux:12.04:-:lts:*:*:*:*:*+ 2 more
    • cpe:2.3:o:canonical:ubuntu_linux:12.04:-:lts:*:*:*:*:*
    • cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*
    • cpe:2.3:o:canonical:ubuntu_linux:13.04:*:*:*:*:*:*:*
  • Debian/Debian Linux
    cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

7

News mentions

0

No linked articles in our index yet.