VYPR

rpm package

suse/haproxy&distro=SUSE Linux Enterprise High Availability Extension 15 SP6

pkg:rpm/suse/haproxy&distro=SUSE%20Linux%20Enterprise%20High%20Availability%20Extension%2015%20SP6

Vulnerabilities (4)

  • CVE-2026-33555MedApr 13, 2026
    affected < 2.8.11+git0.01c1056a4-150600.3.12.1fixed 2.8.11+git0.01c1056a4-150600.3.12.1

    An issue was discovered in HAProxy before 3.3.6. The HTTP/3 parser does not check that the received body length matches a previously announced content-length when the stream is closed via a frame with an empty payload. This can cause desynchronization issues with the backend serv

  • CVE-2025-11230Nov 19, 2025
    affected < 2.8.11+git0.01c1056a4-150600.3.9.1fixed 2.8.11+git0.01c1056a4-150600.3.9.1

    Inefficient algorithm complexity in mjson in HAProxy allows remote attackers to cause a denial of service via specially crafted JSON requests.

  • CVE-2025-32464MedApr 9, 2025
    affected < 2.8.11+git0.01c1056a4-150600.3.6.1fixed 2.8.11+git0.01c1056a4-150600.3.6.1

    HAProxy 2.2 through 3.1.6, in certain uncommon configurations, has a sample_conv_regsub heap-based buffer overflow because of mishandling of the replacement of multiple short patterns with a longer one.

  • CVE-2024-53008MedNov 28, 2024
    affected < 2.8.11+git0.01c1056a4-150600.3.3.1fixed 2.8.11+git0.01c1056a4-150600.3.3.1

    Inconsistent interpretation of HTTP requests ('HTTP Request/Response Smuggling') issue exists in HAProxy. If this vulnerability is exploited, a remote attacker may access a path that is restricted by ACL (Access Control List) set on the product. As a result, the attacker may obt