Buffer overflow in HAProxy 1.4 up to and including 1.4.22 and 1.5-dev up to and including 1.5-dev17, when HTTP keep-alive is enabled, using HTTP keywords in TCP inspection rules, and running with rewrite rules that appends to requests, allows remote malicious users to cause a denial of service (crash) and possibly execute arbitrary code via crafted pipelined HTTP requests that prevent request realignment from occurring.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
haproxy haproxy 1.4 |
||
haproxy haproxy 1.4.20 |
||
haproxy haproxy 1.4.22 |
||
haproxy haproxy 1.5 |