Unrated severityNVD Advisory· Published Jul 6, 2015· Updated Jun 17, 2026
CVE-2015-3281
CVE-2015-3281
Description
The buffer_slow_realign function in HAProxy 1.5.x before 1.5.14 and 1.6-dev does not properly realign a buffer that is used for pending outgoing data, which allows remote attackers to obtain sensitive information (uninitialized memory contents of previous requests) via a crafted request.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
61cpe:2.3:a:haproxy:haproxy:1.5.0:*:*:*:*:*:*:*+ 36 more
- cpe:2.3:a:haproxy:haproxy:1.5.0:*:*:*:*:*:*:*
- cpe:2.3:a:haproxy:haproxy:1.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:haproxy:haproxy:1.5.10:*:*:*:*:*:*:*
- cpe:2.3:a:haproxy:haproxy:1.5.11:*:*:*:*:*:*:*
- cpe:2.3:a:haproxy:haproxy:1.5.12:*:*:*:*:*:*:*
- cpe:2.3:a:haproxy:haproxy:1.5.13:*:*:*:*:*:*:*
- cpe:2.3:a:haproxy:haproxy:1.5.2:*:*:*:*:*:*:*
- cpe:2.3:a:haproxy:haproxy:1.5.3:*:*:*:*:*:*:*
- cpe:2.3:a:haproxy:haproxy:1.5.4:*:*:*:*:*:*:*
- cpe:2.3:a:haproxy:haproxy:1.5.5:*:*:*:*:*:*:*
- cpe:2.3:a:haproxy:haproxy:1.5.6:*:*:*:*:*:*:*
- cpe:2.3:a:haproxy:haproxy:1.5.7:*:*:*:*:*:*:*
- cpe:2.3:a:haproxy:haproxy:1.5.8:*:*:*:*:*:*:*
- cpe:2.3:a:haproxy:haproxy:1.5.9:*:*:*:*:*:*:*
- cpe:2.3:a:haproxy:haproxy:1.5:dev:*:*:*:*:*:*
- cpe:2.3:a:haproxy:haproxy:1.5:dev0:*:*:*:*:*:*
- cpe:2.3:a:haproxy:haproxy:1.5:dev1:*:*:*:*:*:*
- cpe:2.3:a:haproxy:haproxy:1.5:dev10:*:*:*:*:*:*
- cpe:2.3:a:haproxy:haproxy:1.5:dev11:*:*:*:*:*:*
- cpe:2.3:a:haproxy:haproxy:1.5:dev12:*:*:*:*:*:*
- cpe:2.3:a:haproxy:haproxy:1.5:dev13:*:*:*:*:*:*
- cpe:2.3:a:haproxy:haproxy:1.5:dev14:*:*:*:*:*:*
- cpe:2.3:a:haproxy:haproxy:1.5:dev15:*:*:*:*:*:*
- cpe:2.3:a:haproxy:haproxy:1.5:dev16:*:*:*:*:*:*
- cpe:2.3:a:haproxy:haproxy:1.5:dev17:*:*:*:*:*:*
- cpe:2.3:a:haproxy:haproxy:1.5:dev18:*:*:*:*:*:*
- cpe:2.3:a:haproxy:haproxy:1.5:dev19:*:*:*:*:*:*
- cpe:2.3:a:haproxy:haproxy:1.5:dev2:*:*:*:*:*:*
- cpe:2.3:a:haproxy:haproxy:1.5:dev3:*:*:*:*:*:*
- cpe:2.3:a:haproxy:haproxy:1.5:dev4:*:*:*:*:*:*
- cpe:2.3:a:haproxy:haproxy:1.5:dev5:*:*:*:*:*:*
- cpe:2.3:a:haproxy:haproxy:1.5:dev6:*:*:*:*:*:*
- cpe:2.3:a:haproxy:haproxy:1.5:dev7:*:*:*:*:*:*
- cpe:2.3:a:haproxy:haproxy:1.5:dev8:*:*:*:*:*:*
- cpe:2.3:a:haproxy:haproxy:1.5:dev9:*:*:*:*:*:*
- cpe:2.3:a:haproxy:haproxy:1.6:dev0:*:*:*:*:*:*
- (no CPE)range: <1.5.14
cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:openstack_cloud:5:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.1:*:*:*:*:*:*:*+ 5 more
- cpe:2.3:o:redhat:enterprise_linux_server_eus:7.1:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_eus:7.2:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise_high_availability_extension:12:*:*:*:*:*:*:*
- osv-coords4 versionspkg:rpm/opensuse/haproxy&distro=openSUSE%20Tumbleweedpkg:rpm/suse/haproxy&distro=SUSE%20Cloud%20Compute%20Node%20for%20SUSE%20Linux%20Enterprise%2012%205pkg:rpm/suse/haproxy&distro=SUSE%20Linux%20Enterprise%20High%20Availability%20Extension%2012pkg:rpm/suse/haproxy&distro=SUSE%20OpenStack%20Cloud%205
< 1.7.0-1.1+ 3 more
- (no CPE)range: < 1.7.0-1.1
- (no CPE)range: < 1.5.4-2.4.1
- (no CPE)range: < 1.5.4-2.4.1
- (no CPE)range: < 1.5.4-12.1
Patches
Vulnerability mechanics
References
9- www.haproxy.org/news.htmlnvdPatchVendor Advisory
- lists.opensuse.org/opensuse-security-announce/2015-10/msg00001.htmlnvdMailing ListThird Party Advisory
- lists.opensuse.org/opensuse-security-announce/2015-10/msg00023.htmlnvdMailing ListThird Party Advisory
- rhn.redhat.com/errata/RHSA-2015-1741.htmlnvdThird Party Advisory
- rhn.redhat.com/errata/RHSA-2015-2666.htmlnvdThird Party Advisory
- www.debian.org/security/2015/dsa-3301nvdThird Party Advisory
- www.securityfocus.com/bid/75554nvdThird Party AdvisoryVDB Entry
- www.ubuntu.com/usn/USN-2668-1nvdThird Party Advisory
- git.haproxy.orgnvd
News mentions
0No linked articles in our index yet.