rpm package
suse/haproxy&distro=SUSE Linux Enterprise High Availability Extension 15 SP7
pkg:rpm/suse/haproxy&distro=SUSE%20Linux%20Enterprise%20High%20Availability%20Extension%2015%20SP7
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-33555 | Med | 4.0 | < 2.8.11+git0.01c1056a4-150600.3.12.1 | 2.8.11+git0.01c1056a4-150600.3.12.1 | Apr 13, 2026 | An issue was discovered in HAProxy before 3.3.6. The HTTP/3 parser does not check that the received body length matches a previously announced content-length when the stream is closed via a frame with an empty payload. This can cause desynchronization issues with the backend serv | |
| CVE-2025-11230 | — | < 2.8.11+git0.01c1056a4-150600.3.9.1 | 2.8.11+git0.01c1056a4-150600.3.9.1 | Nov 19, 2025 | Inefficient algorithm complexity in mjson in HAProxy allows remote attackers to cause a denial of service via specially crafted JSON requests. |
- affected < 2.8.11+git0.01c1056a4-150600.3.12.1fixed 2.8.11+git0.01c1056a4-150600.3.12.1
An issue was discovered in HAProxy before 3.3.6. The HTTP/3 parser does not check that the received body length matches a previously announced content-length when the stream is closed via a frame with an empty payload. This can cause desynchronization issues with the backend serv
- CVE-2025-11230Nov 19, 2025affected < 2.8.11+git0.01c1056a4-150600.3.9.1fixed 2.8.11+git0.01c1056a4-150600.3.9.1
Inefficient algorithm complexity in mjson in HAProxy allows remote attackers to cause a denial of service via specially crafted JSON requests.