rpm package
opensuse/haproxy&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/haproxy&distro=openSUSE%20Tumbleweed
Vulnerabilities (23)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2014-6269 | — | < 1.7.0-1.1 | 1.7.0-1.1 | Sep 30, 2014 | Multiple integer overflows in the http_request_forward_body function in proto_http.c in HAProxy 1.5-dev23 before 1.5.4 allow remote attackers to cause a denial of service (crash) via a large stream of data, which triggers a buffer overflow and an out-of-bounds read. | ||
| CVE-2013-2175 | — | < 1.7.0-1.1 | 1.7.0-1.1 | Aug 19, 2013 | HAProxy 1.4 before 1.4.24 and 1.5 before 1.5-dev19, when configured to use hdr_ip or other "hdr_*" functions with a negative occurrence count, allows remote attackers to cause a denial of service (negative array index usage and crash) via an HTTP header with a certain number of v | ||
| CVE-2013-1912 | — | < 1.7.0-1.1 | 1.7.0-1.1 | Apr 10, 2013 | Buffer overflow in HAProxy 1.4 through 1.4.22 and 1.5-dev through 1.5-dev17, when HTTP keep-alive is enabled, using HTTP keywords in TCP inspection rules, and running with rewrite rules that appends to requests, allows remote attackers to cause a denial of service (crash) and pos |
- CVE-2014-6269Sep 30, 2014affected < 1.7.0-1.1fixed 1.7.0-1.1
Multiple integer overflows in the http_request_forward_body function in proto_http.c in HAProxy 1.5-dev23 before 1.5.4 allow remote attackers to cause a denial of service (crash) via a large stream of data, which triggers a buffer overflow and an out-of-bounds read.
- CVE-2013-2175Aug 19, 2013affected < 1.7.0-1.1fixed 1.7.0-1.1
HAProxy 1.4 before 1.4.24 and 1.5 before 1.5-dev19, when configured to use hdr_ip or other "hdr_*" functions with a negative occurrence count, allows remote attackers to cause a denial of service (negative array index usage and crash) via an HTTP header with a certain number of v
- CVE-2013-1912Apr 10, 2013affected < 1.7.0-1.1fixed 1.7.0-1.1
Buffer overflow in HAProxy 1.4 through 1.4.22 and 1.5-dev through 1.5-dev17, when HTTP keep-alive is enabled, using HTTP keywords in TCP inspection rules, and running with rewrite rules that appends to requests, allows remote attackers to cause a denial of service (crash) and pos
Page 2 of 2