VYPR
Get started
← All advisories
Unrated severityNVD Advisory· Published Jul 6, 2015· Updated May 6, 2026

CVE-2015-3281

CVE-2015-3281

Description

The buffer_slow_realign function in HAProxy 1.5.x before 1.5.14 and 1.6-dev does not properly realign a buffer that is used for pending outgoing data, which allows remote attackers to obtain sensitive information (uninitialized memory contents of previous requests) via a crafted request.

Affected products

56
  • Haproxy/Haproxy36 versions
    cpe:2.3:a:haproxy:haproxy:1.5.0:*:*:*:*:*:*:*+ 35 more
    • cpe:2.3:a:haproxy:haproxy:1.5.0:*:*:*:*:*:*:*
    • cpe:2.3:a:haproxy:haproxy:1.5.1:*:*:*:*:*:*:*
    • cpe:2.3:a:haproxy:haproxy:1.5.10:*:*:*:*:*:*:*
    • cpe:2.3:a:haproxy:haproxy:1.5.11:*:*:*:*:*:*:*
    • cpe:2.3:a:haproxy:haproxy:1.5.12:*:*:*:*:*:*:*
    • cpe:2.3:a:haproxy:haproxy:1.5.13:*:*:*:*:*:*:*
    • cpe:2.3:a:haproxy:haproxy:1.5.2:*:*:*:*:*:*:*
    • cpe:2.3:a:haproxy:haproxy:1.5.3:*:*:*:*:*:*:*
    • cpe:2.3:a:haproxy:haproxy:1.5.4:*:*:*:*:*:*:*
    • cpe:2.3:a:haproxy:haproxy:1.5.5:*:*:*:*:*:*:*
    • cpe:2.3:a:haproxy:haproxy:1.5.6:*:*:*:*:*:*:*
    • cpe:2.3:a:haproxy:haproxy:1.5.7:*:*:*:*:*:*:*
    • cpe:2.3:a:haproxy:haproxy:1.5.8:*:*:*:*:*:*:*
    • cpe:2.3:a:haproxy:haproxy:1.5.9:*:*:*:*:*:*:*
    • cpe:2.3:a:haproxy:haproxy:1.5:dev:*:*:*:*:*:*
    • cpe:2.3:a:haproxy:haproxy:1.5:dev0:*:*:*:*:*:*
    • cpe:2.3:a:haproxy:haproxy:1.5:dev1:*:*:*:*:*:*
    • cpe:2.3:a:haproxy:haproxy:1.5:dev10:*:*:*:*:*:*
    • cpe:2.3:a:haproxy:haproxy:1.5:dev11:*:*:*:*:*:*
    • cpe:2.3:a:haproxy:haproxy:1.5:dev12:*:*:*:*:*:*
    • cpe:2.3:a:haproxy:haproxy:1.5:dev13:*:*:*:*:*:*
    • cpe:2.3:a:haproxy:haproxy:1.5:dev14:*:*:*:*:*:*
    • cpe:2.3:a:haproxy:haproxy:1.5:dev15:*:*:*:*:*:*
    • cpe:2.3:a:haproxy:haproxy:1.5:dev16:*:*:*:*:*:*
    • cpe:2.3:a:haproxy:haproxy:1.5:dev17:*:*:*:*:*:*
    • cpe:2.3:a:haproxy:haproxy:1.5:dev18:*:*:*:*:*:*
    • cpe:2.3:a:haproxy:haproxy:1.5:dev19:*:*:*:*:*:*
    • cpe:2.3:a:haproxy:haproxy:1.5:dev2:*:*:*:*:*:*
    • cpe:2.3:a:haproxy:haproxy:1.5:dev3:*:*:*:*:*:*
    • cpe:2.3:a:haproxy:haproxy:1.5:dev4:*:*:*:*:*:*
    • cpe:2.3:a:haproxy:haproxy:1.5:dev5:*:*:*:*:*:*
    • cpe:2.3:a:haproxy:haproxy:1.5:dev6:*:*:*:*:*:*
    • cpe:2.3:a:haproxy:haproxy:1.5:dev7:*:*:*:*:*:*
    • cpe:2.3:a:haproxy:haproxy:1.5:dev8:*:*:*:*:*:*
    • cpe:2.3:a:haproxy:haproxy:1.5:dev9:*:*:*:*:*:*
    • cpe:2.3:a:haproxy:haproxy:1.6:dev0:*:*:*:*:*:*
  • Canonical (company)/Ubuntu Linux2 versions
    cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*
    • cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*
  • Debian/Debian Linux
    cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
  • OpenSUSE/Openstack Cloud
    cpe:2.3:o:opensuse:openstack_cloud:5:*:*:*:*:*:*:*
  • OpenSUSE/openSUSE
    cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*
  • Red Hat/Enterprise Linux Desktop
    cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
  • Red Hat/Enterprise Linux Server
    cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
  • Red Hat/Enterprise Linux Server Aus3 versions
    cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*+ 2 more
    • cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*
    • cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*
    • cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*
  • Red Hat/Enterprise Linux Server Eus6 versions
    cpe:2.3:o:redhat:enterprise_linux_server_eus:7.1:*:*:*:*:*:*:*+ 5 more
    • cpe:2.3:o:redhat:enterprise_linux_server_eus:7.1:*:*:*:*:*:*:*
    • cpe:2.3:o:redhat:enterprise_linux_server_eus:7.2:*:*:*:*:*:*:*
    • cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*
    • cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*
    • cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*
    • cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*
  • Red Hat/Enterprise Linux Server Tus2 versions
    cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*
    • cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*
  • Red Hat/Enterprise Linux Workstation
    cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
  • SUSE S.A./Linux Enterprise High Availability Extension
    cpe:2.3:o:suse:linux_enterprise_high_availability_extension:12:*:*:*:*:*:*:*

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

8

News mentions

0

No linked articles in our index yet.