apk package
chainguard/haproxy-2.6-nocaps
pkg:apk/chainguard/haproxy-2.6-nocaps
Vulnerabilities (6)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-11230 | — | | | < 2.6.23-r0 | 2.6.23-r0 | Nov 19, 2025 | Inefficient algorithm complexity in mjson in HAProxy allows remote attackers to cause a denial of service via specially crafted JSON requests. |
| CVE-2025-32464 | Med | 6.8 | | < 2.6.20-r46 | 2.6.20-r46 | Apr 9, 2025 | HAProxy 2.2 through 3.1.6, in certain uncommon configurations, has a sample_conv_regsub heap-based buffer overflow because of mishandling of the replacement of multiple short patterns with a longer one. |
| CVE-2024-53008 | Med | 5.3 | | < 2.6.20-r0 | 2.6.20-r0 | Nov 28, 2024 | Inconsistent interpretation of HTTP requests ('HTTP Request/Response Smuggling') issue exists in HAProxy. If this vulnerability is exploited, a remote attacker may access a path that is restricted by ACL (Access Control List) set on the product. As a result, the attacker may obt |
| CVE-2023-45539 | — | | | < 0 | 0 | Nov 28, 2023 | HAProxy before 2.8.2 accepts # as part of the URI component, which might allow remote attackers to obtain sensitive information or have unspecified other impact upon misinterpretation of a path_end rule, such as routing index.html#.png to a static server. |
| CVE-2023-0056 | — | | | < 0 | 0 | Mar 23, 2023 | An uncontrolled resource consumption vulnerability was discovered in HAProxy which could crash the service. This issue could allow an authenticated remote attacker to run a specially crafted malicious server in an OpenShift cluster. The biggest impact is to availability. |
| CVE-2016-2102 | Med | 5.3 | | < 0 | 0 | Aug 22, 2017 | HAProxy statistics in openstack-tripleo-image-elements are non-authenticated over the network. |