rpm package
suse/haproxy&distro=SUSE Linux Enterprise Micro 5.5
pkg:rpm/suse/haproxy&distro=SUSE%20Linux%20Enterprise%20Micro%205.5
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-11230 | — | | | < 2.4.22+git0.f8e3218e2-150400.3.25.1 | 2.4.22+git0.f8e3218e2-150400.3.25.1 | Nov 19, 2025 | Inefficient algorithm complexity in mjson in HAProxy allows remote attackers to cause a denial of service via specially crafted JSON requests. |
| CVE-2025-32464 | Med | 6.8 | | < 2.4.22+git0.f8e3218e2-150400.3.22.1 | 2.4.22+git0.f8e3218e2-150400.3.22.1 | Apr 9, 2025 | HAProxy 2.2 through 3.1.6, in certain uncommon configurations, has a sample_conv_regsub heap-based buffer overflow because of mishandling of the replacement of multiple short patterns with a longer one. |
| CVE-2023-45539 | — | | | < 2.4.22+git0.f8e3218e2-150400.3.19.1 | 2.4.22+git0.f8e3218e2-150400.3.19.1 | Nov 28, 2023 | HAProxy before 2.8.2 accepts # as part of the URI component, which might allow remote attackers to obtain sensitive information or have unspecified other impact upon misinterpretation of a path_end rule, such as routing index.html#.png to a static server. |