Published: 27/05/2012 Updated: 29/08/2017
CVSS v2 Base Score: 5.1 | Impact Score: 6.4 | Exploitability Score: 4.9
VMScore: 454
Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P

Vulnerability Summary

Buffer overflow in the trash buffer in the header capture functionality in HAProxy prior to 1.4.21, when global.tune.bufsize is set to a value greater than the default and header rewriting is enabled, allows remote malicious users to cause a denial of service and possibly execute arbitrary code via unspecified vectors.

Most Upvoted Vulmon Research Post

There is no Researcher post for this vulnerability
Would you like to share something about it? Sign up now to share your knowledge with the community.
Vulnerable Product Search on Vulmon Subscribe to Product

haproxy haproxy

Vendor Advisories

HAProxy could be made to crash or run programs if it received specially crafted network traffic ...
Debian Bug report logs - #674447 CVE-2012-2942 Package: haproxy; Maintainer for haproxy is Debian HAProxy Maintainers <haproxy@trackerdebianorg>; Source for haproxy is src:haproxy (PTS, buildd, popcon) Reported by: Moritz Muehlenhoff <jmm@debianorg> Date: Thu, 24 May 2012 18:09:01 UTC Severity: grave Tags: patch, ...
Debian Bug report logs - #704611 haproxy: CVE-2013-1912: crash on TCP content inspection rules Package: src:haproxy; Maintainer for src:haproxy is Debian HAProxy Maintainers <haproxy@trackerdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Wed, 3 Apr 2013 14:54:02 UTC Severity: important Tags ...
Multiple security issues have been found in HAProxy, a load-balancing reverse proxy: CVE-2012-2942 Buffer overflow in the header capture code CVE-2013-1912 Buffer overflow in the HTTP keepalive code CVE-2013-2175 Denial of service in parsing HTTP headers For the oldstable distribution (squeeze), these problems have been fixed in ve ...