apk package
wolfi/haproxy-3.0
pkg:apk/wolfi/haproxy-3.0
Vulnerabilities (5)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-32464 | Med | 6.8 | < 3.0.10-r0 | 3.0.10-r0 | Apr 9, 2025 | HAProxy 2.2 through 3.1.6, in certain uncommon configurations, has a sample_conv_regsub heap-based buffer overflow because of mishandling of the replacement of multiple short patterns with a longer one. | |
| CVE-2024-49214 | Med | 5.3 | < 3.0.5-r0 | 3.0.5-r0 | Oct 14, 2024 | QUIC in HAProxy 3.1.x before 3.1-dev7, 3.0.x before 3.0.5, and 2.9.x before 2.9.11 allows opening a 0-RTT session with a spoofed IP address. This can bypass the IP allow/block list functionality. | |
| CVE-2024-45506 | — | < 3.0.4-r0 | 3.0.4-r0 | Sep 4, 2024 | HAProxy 2.9.x before 2.9.10, 3.0.x before 3.0.4, and 3.1.x through 3.1-dev6 allows a remote denial of service for HTTP/2 zero-copy forwarding (h2_send loop) under a certain set of conditions, as exploited in the wild in 2024. | ||
| CVE-2023-0056 | — | < 0 | 0 | Mar 23, 2023 | An uncontrolled resource consumption vulnerability was discovered in HAProxy which could crash the service. This issue could allow an authenticated remote attacker to run a specially crafted malicious server in an OpenShift cluster. The biggest impact is to availability. | ||
| CVE-2016-2102 | Med | 5.3 | < 0 | 0 | Aug 22, 2017 | HAProxy statistics in openstack-tripleo-image-elements are non-authenticated over the network. |
- affected < 3.0.10-r0fixed 3.0.10-r0
HAProxy 2.2 through 3.1.6, in certain uncommon configurations, has a sample_conv_regsub heap-based buffer overflow because of mishandling of the replacement of multiple short patterns with a longer one.
- affected < 3.0.5-r0fixed 3.0.5-r0
QUIC in HAProxy 3.1.x before 3.1-dev7, 3.0.x before 3.0.5, and 2.9.x before 2.9.11 allows opening a 0-RTT session with a spoofed IP address. This can bypass the IP allow/block list functionality.
- CVE-2024-45506Sep 4, 2024affected < 3.0.4-r0fixed 3.0.4-r0
HAProxy 2.9.x before 2.9.10, 3.0.x before 3.0.4, and 3.1.x through 3.1-dev6 allows a remote denial of service for HTTP/2 zero-copy forwarding (h2_send loop) under a certain set of conditions, as exploited in the wild in 2024.
- CVE-2023-0056Mar 23, 2023affected < 0fixed 0
An uncontrolled resource consumption vulnerability was discovered in HAProxy which could crash the service. This issue could allow an authenticated remote attacker to run a specially crafted malicious server in an OpenShift cluster. The biggest impact is to availability.
- affected < 0fixed 0
HAProxy statistics in openstack-tripleo-image-elements are non-authenticated over the network.