rpm package
opensuse/haproxy&distro=openSUSE Leap 15.6
pkg:rpm/opensuse/haproxy&distro=openSUSE%20Leap%2015.6
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-11230 | — | < 2.8.11+git0.01c1056a4-150600.3.9.1 | 2.8.11+git0.01c1056a4-150600.3.9.1 | Nov 19, 2025 | Inefficient algorithm complexity in mjson in HAProxy allows remote attackers to cause a denial of service via specially crafted JSON requests. | ||
| CVE-2025-32464 | Med | 6.8 | < 2.8.11+git0.01c1056a4-150600.3.6.1 | 2.8.11+git0.01c1056a4-150600.3.6.1 | Apr 9, 2025 | HAProxy 2.2 through 3.1.6, in certain uncommon configurations, has a sample_conv_regsub heap-based buffer overflow because of mishandling of the replacement of multiple short patterns with a longer one. | |
| CVE-2024-53008 | Med | 5.3 | < 2.8.11+git0.01c1056a4-150600.3.3.1 | 2.8.11+git0.01c1056a4-150600.3.3.1 | Nov 28, 2024 | Inconsistent interpretation of HTTP requests ('HTTP Request/Response Smuggling') issue exists in HAProxy. If this vulnerability is exploited, a remote attacker may access a path that is restricted by ACL (Access Control List) set on the product. As a result, the attacker may obt |
- CVE-2025-11230Nov 19, 2025affected < 2.8.11+git0.01c1056a4-150600.3.9.1fixed 2.8.11+git0.01c1056a4-150600.3.9.1
Inefficient algorithm complexity in mjson in HAProxy allows remote attackers to cause a denial of service via specially crafted JSON requests.
- affected < 2.8.11+git0.01c1056a4-150600.3.6.1fixed 2.8.11+git0.01c1056a4-150600.3.6.1
HAProxy 2.2 through 3.1.6, in certain uncommon configurations, has a sample_conv_regsub heap-based buffer overflow because of mishandling of the replacement of multiple short patterns with a longer one.
- affected < 2.8.11+git0.01c1056a4-150600.3.3.1fixed 2.8.11+git0.01c1056a4-150600.3.3.1
Inconsistent interpretation of HTTP requests ('HTTP Request/Response Smuggling') issue exists in HAProxy. If this vulnerability is exploited, a remote attacker may access a path that is restricted by ACL (Access Control List) set on the product. As a result, the attacker may obt