CVE-2014-6269

2014-09-3014:55:11

CWE-189

[email protected]

web.nvd.nist.gov

cve-2014-6269

integer overflow

http_request_forward_body

haproxy

denial of service

buffer overflow

out-of-bounds read

6.9 Medium

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.056 Low

EPSS

Percentile

93.3%

JSON

Multiple integer overflows in the http_request_forward_body function in proto_http.c in HAProxy 1.5-dev23 before 1.5.4 allow remote attackers to cause a denial of service (crash) via a large stream of data, which triggers a buffer overflow and an out-of-bounds read.

Affected configurations

NVD

Node

haproxyhaproxyMatch1.5dev23

haproxyhaproxyMatch1.5dev24

haproxyhaproxyMatch1.5dev25

haproxyhaproxyMatch1.5dev26

haproxyhaproxyMatch1.5.0

haproxyhaproxyMatch1.5.1

haproxyhaproxyMatch1.5.2

haproxyhaproxyMatch1.5.3

CPENameOperatorVersion
haproxy:haproxyhaproxyeq1.5
haproxy:haproxyhaproxyeq1.5.0
haproxy:haproxyhaproxyeq1.5.1
haproxy:haproxyhaproxyeq1.5.2
haproxy:haproxyhaproxyeq1.5.3