VYPR

rpm package

opensuse/haproxy&distro=openSUSE Tumbleweed

pkg:rpm/opensuse/haproxy&distro=openSUSE%20Tumbleweed

Vulnerabilities (23)

  • CVE-2026-55204 (Jun 18, 2026)
    affected: < 3.4.0+git31.fc300e9f2-1.1; fixed: 3.4.0+git31.fc300e9f2-1.1

    HAProxy through 3.4.0, fixed in commit 9a6d1fe, contains a null pointer dereference vulnerability in hpack_dht_insert() within src/hpack-tbl.c that fails to validate the return value of hpack_dht_defrag() when the memory pool is exhausted. An attacker can trigger HPACK dynamic t

  • CVE-2026-55203 (Jun 18, 2026)
    affected: < 3.4.0+git31.fc300e9f2-1.1; fixed: 3.4.0+git31.fc300e9f2-1.1

    HAProxy through 3.4.0, fixed in commit 5985276, contains an integer overflow vulnerability in the fcgi_conn structure's drl field that allows buffer misparse as new FCGI record headers. When contentLength is 65535 and paddingLength is 1 or more, the drl field wraps to 0, causing

  • CVE-2026-33555, severity: Medium (Apr 13, 2026)
    affected: < 3.3.6+git91.af5637e93-1.1; fixed: 3.3.6+git91.af5637e93-1.1

    An issue was discovered in HAProxy before 3.3.6. The HTTP/3 parser does not check that the received body length matches a previously announced content-length when the stream is closed via a frame with an empty payload. This can cause desynchronization issues with the backend serv

  • CVE-2025-11230 (Nov 19, 2025)
    affected: < 3.2.6+git0.81568b2d1-1.1; fixed: 3.2.6+git0.81568b2d1-1.1

    Inefficient algorithm complexity in mjson in HAProxy allows remote attackers to cause a denial of service via specially crafted JSON requests.

  • CVE-2025-32464, severity: Medium (Apr 9, 2025)
    affected: < 3.2.0+git0.e134140d2-2.1; fixed: 3.2.0+git0.e134140d2-2.1

    HAProxy 2.2 through 3.1.6, in certain uncommon configurations, has a sample_conv_regsub heap-based buffer overflow because of mishandling of the replacement of multiple short patterns with a longer one.

  • CVE-2024-49214, severity: Medium (Oct 14, 2024)
    affected: < 3.0.5+git0.8e879a52e-2.1; fixed: 3.0.5+git0.8e879a52e-2.1

    QUIC in HAProxy 3.1.x before 3.1-dev7, 3.0.x before 3.0.5, and 2.9.x before 2.9.11 allows opening a 0-RTT session with a spoofed IP address. This can bypass the IP allow/block list functionality.

  • CVE-2024-45506 (Sep 4, 2024)
    affected: < 3.0.4+git0.7a59afa93-1.1; fixed: 3.0.4+git0.7a59afa93-1.1

    HAProxy 2.9.x before 2.9.10, 3.0.x before 3.0.4, and 3.1.x through 3.1-dev6 allows a remote denial of service for HTTP/2 zero-copy forwarding (h2_send loop) under a certain set of conditions, as exploited in the wild in 2024.

  • CVE-2023-40225 (Aug 10, 2023)
    affected: < 2.8.2+git0.61a0f576a-2.1; fixed: 2.8.2+git0.61a0f576a-2.1

    HAProxy through 2.0.32, 2.1.x and 2.2.x through 2.2.30, 2.3.x and 2.4.x through 2.4.23, 2.5.x and 2.6.x before 2.6.15, 2.7.x before 2.7.10, and 2.8.x before 2.8.2 forwards empty Content-Length headers, violating RFC 9110 section 8.6. In uncommon cases, an HTTP/1 server behind HAP

  • CVE-2023-25725 (Feb 14, 2023)
    affected: < 2.7.3+git0.1065b1000-1.1; fixed: 2.7.3+git0.1065b1000-1.1

    HAProxy before 2.7.3 may allow a bypass of access control because HTTP/1 headers are inadvertently lost in some situations, aka "request smuggling." The HTTP header parsers in HAProxy may accept empty header field names, which could be used to truncate the list of HTTP headers an

  • CVE-2022-0711 (Mar 2, 2022)
    affected: < 2.5.4+git0.e55ab4208-1.1; fixed: 2.5.4+git0.e55ab4208-1.1

    A flaw was found in the way HAProxy processed HTTP responses containing the "Set-Cookie2" header. This flaw could allow an attacker to send crafted HTTP response packets which lead to an infinite loop, eventually resulting in a denial of service condition. The highest threat from

  • CVE-2021-40346 (Sep 8, 2021)
    affected: < 2.4.4+git0.acb1d0bea-1.2; fixed: 2.4.4+git0.acb1d0bea-1.2

    An integer overflow exists in HAProxy 2.0 through 2.5 in htx_add_header that can be exploited to perform an HTTP request smuggling attack, allowing an attacker to bypass all configured http-request HAProxy ACLs and possibly other ACLs.

  • CVE-2021-39240 (Aug 17, 2021)
    affected: < 2.4.4+git0.acb1d0bea-1.2; fixed: 2.4.4+git0.acb1d0bea-1.2

    An issue was discovered in HAProxy 2.2 before 2.2.16, 2.3 before 2.3.13, and 2.4 before 2.4.3. It does not ensure that the scheme and path portions of a URI have the expected characters. For example, the authority field (as observed on a target HTTP/2 server) might differ from wh

  • CVE-2020-11100 (Apr 2, 2020)
    affected: < 2.4.4+git0.acb1d0bea-1.2; fixed: 2.4.4+git0.acb1d0bea-1.2

    In hpack_dht_insert in hpack-tbl.c in the HPACK decoder in HAProxy 1.8 through 2.x before 2.1.4, a remote attacker can write arbitrary bytes around a certain location on the heap via a crafted HTTP/2 request, possibly causing remote code execution.

  • CVE-2019-18277 (Oct 23, 2019)
    affected: < 2.4.4+git0.acb1d0bea-1.2; fixed: 2.4.4+git0.acb1d0bea-1.2

    A flaw was found in HAProxy before 2.0.6. In legacy mode, messages featuring a transfer-encoding header missing the "chunked" value were not being correctly rejected. The impact was limited but if combined with the "http-reuse always" setting, it could be used to help construct a

  • CVE-2019-14241 (Jul 23, 2019)
    affected: < 2.4.4+git0.acb1d0bea-1.2; fixed: 2.4.4+git0.acb1d0bea-1.2

    HAProxy through 2.0.2 allows attackers to cause a denial of service (ha_panic) via vectors related to htx_manage_client_side_cookies in proto_htx.c.

  • CVE-2018-20615 (Mar 18, 2019)
    affected: < 2.4.4+git0.acb1d0bea-1.2; fixed: 2.4.4+git0.acb1d0bea-1.2

    An out-of-bounds read issue was discovered in the HTTP/2 protocol decoder in HAProxy 1.8.x and 1.9.x through 1.9.0 which can result in a crash. The processing of the PRIORITY flag in a HEADERS frame requires 5 extra bytes, and while these bytes are skipped, the total frame length

  • CVE-2018-20103 (Dec 12, 2018)
    affected: < 2.4.4+git0.acb1d0bea-1.2; fixed: 2.4.4+git0.acb1d0bea-1.2

    An issue was discovered in dns.c in HAProxy through 1.8.14. In the case of a compressed pointer, a crafted packet can trigger infinite recursion by making the pointer point to itself, or create a long chain of valid pointers resulting in stack exhaustion.

  • CVE-2018-14645, severity: High (Sep 21, 2018)
    affected: < 2.4.4+git0.acb1d0bea-1.2; fixed: 2.4.4+git0.acb1d0bea-1.2

    A flaw was discovered in the HPACK decoder of HAProxy, before 1.8.14, that is used for HTTP/2. An out-of-bounds read access in hpack_valid_idx() resulted in a remote crash and denial of service.

  • CVE-2018-11469, severity: Medium (May 25, 2018)
    affected: < 2.4.4+git0.acb1d0bea-1.2; fixed: 2.4.4+git0.acb1d0bea-1.2

    Incorrect caching of responses to requests including an Authorization header in HAProxy 1.8.0 through 1.8.9 (if cache enabled) allows attackers to achieve information disclosure via an unauthenticated remote request, related to the proto_http.c check_request_for_cacheability func

  • CVE-2015-3281 (Jul 6, 2015)
    affected: < 1.7.0-1.1; fixed: 1.7.0-1.1

    The buffer_slow_realign function in HAProxy 1.5.x before 1.5.14 and 1.6-dev does not properly realign a buffer that is used for pending outgoing data, which allows remote attackers to obtain sensitive information (uninitialized memory contents of previous requests) via a crafted

Page 1 of 2