Lucene search
K

2078 matches found

CVE
CVE
β€’added 2026/06/18 4:5 p.m.β€’53 views

CVE-2026-55203

HAProxy

9.1CVSS5.6AI score0.00321EPSS
Exploits0References2Affected Software1
AlpineLinux
AlpineLinux
β€’added 2026/06/18 4:5 p.m.β€’6 views

CVE-2026-55203

HAProxy through 3.4.0, fixed in commit 5985276, contains an integer overflow vulnerability in the fcgiconn structure's drl field that allows buffer misparse as new FCGI record headers. When contentLength is 65535 and paddingLength is 1 or more, the drl field wraps to 0, causing incorrect record...

9.1CVSS6.1AI score0.00321EPSS
Exploits0References2
Debian CVE
Debian CVE
β€’added 2026/06/18 4:5 p.m.β€’8 views

CVE-2026-55203

HAProxy through 3.4.0, fixed in commit 5985276, contains an integer overflow vulnerability in the fcgiconn structure's drl field that allows buffer misparse as new FCGI record headers. When contentLength is 65535 and paddingLength is 1 or more, the drl field wraps to 0, causing incorrect record...

9.1CVSS5.6AI score0.00321EPSS
Exploits0
Cvelist
Cvelist
β€’added 2026/06/18 4:5 p.m.β€’23 views

CVE-2026-55203 HAProxy - Integer Overflow in FCGI Demux Record Length Field

HAProxy through 3.4.0, fixed in commit 5985276, contains an integer overflow vulnerability in the fcgiconn structure's drl field that allows buffer misparse as new FCGI record headers. When contentLength is 65535 and paddingLength is 1 or more, the drl field wraps to 0, causing incorrect record...

9CVSS0.00321EPSS
Exploits0References2
Positive Technologies
Positive Technologies
β€’added 2026/06/18 12:0 a.m.β€’18 views

PT-2026-50708

Name of the Vulnerable Software and Affected Versions HAProxy versions prior to 3.4.0 Description A null pointer dereference occurs in the hpack dht insert function within src/hpack-tbl.c because the return value of hpack dht defrag is not validated when the memory pool is exhausted. An attacker...

9.1CVSS5.9AI score0.00431EPSS
Exploits0References25
RedHat Linux
RedHat Linux
β€’added 2026/06/17 11:5 p.m.β€’9 views

netty-codec-haproxy: Netty-codec-haproxy: Denial of Service via malformed HAProxy message

A flaw was found in netty-codec-haproxy, a component of the Netty network application framework. A remote attacker can exploit this vulnerability by sending a specially crafted HAProxy message with a malformed PP2TYPESSL TLV Type-Length-Value header. This can lead to an IndexOutOfBoundsException...

7.5CVSS5.4AI score0.00594EPSS
Exploits0References7
RedHat Linux
RedHat Linux
β€’added 2026/06/17 11:5 p.m.β€’9 views

netty-codec-haproxy: Netty HAProxy PROXY protocol v2 codec: Denial of Service via memory leak from crafted PROXY protocol headers

A flaw was found in the Netty HAProxy PROXY protocol v2 codec. A remote attacker can exploit this vulnerability by sending a specially crafted HAProxy PROXY protocol v2 header with nested PP2TYPESSL type-length-value TLV records. This can lead to a memory leak, causing the underlying cumulation...

8.7CVSS5.6AI score0.00606EPSS
Exploits0References7
RedHat Linux
RedHat Linux
β€’added 2026/06/17 4:18 p.m.β€’12 views

netty-codec-haproxy: Netty HAProxy PROXY protocol v2 codec: Denial of Service via memory leak from crafted PROXY protocol headers

A flaw was found in the Netty HAProxy PROXY protocol v2 codec. A remote attacker can exploit this vulnerability by sending a specially crafted HAProxy PROXY protocol v2 header with nested PP2TYPESSL type-length-value TLV records. This can lead to a memory leak, causing the underlying cumulation...

8.7CVSS5.6AI score0.00606EPSS
Exploits0References7
RedHat Linux
RedHat Linux
β€’added 2026/06/17 4:18 p.m.β€’10 views

netty-codec-haproxy: Netty-codec-haproxy: Denial of Service via malformed HAProxy message

A flaw was found in netty-codec-haproxy, a component of the Netty network application framework. A remote attacker can exploit this vulnerability by sending a specially crafted HAProxy message with a malformed PP2TYPESSL TLV Type-Length-Value header. This can lead to an IndexOutOfBoundsException...

7.5CVSS5.4AI score0.00594EPSS
Exploits0References7
RedHat Linux
RedHat Linux
β€’added 2026/06/17 3:45 p.m.β€’9 views

netty-codec-haproxy: Netty-codec-haproxy: Denial of Service via malformed HAProxy message

A flaw was found in netty-codec-haproxy, a component of the Netty network application framework. A remote attacker can exploit this vulnerability by sending a specially crafted HAProxy message with a malformed PP2TYPESSL TLV Type-Length-Value header. This can lead to an IndexOutOfBoundsException...

7.5CVSS5.4AI score0.00594EPSS
Exploits0References7
RedHat Linux
RedHat Linux
β€’added 2026/06/17 3:45 p.m.β€’17 views

Important: Red Hat Security Advisory: Red Hat build of Quarkus 3.33.2.SP1 security update

An update is now available for Red Hat build of Quarkus. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability. For more informatio...

10CVSS5.5AI score0.00606EPSS
Exploits2References5
SUSE CVE
SUSE CVE
β€’added 2026/06/16 2:20 a.m.β€’9 views

SUSE CVE-2026-44893

Netty is a network application framework for development of protocol servers and clients. In netty-codec-haproxy prior to versions 4.1.135.Final and 4.2.15.Final, when decoding a PP2TYPESSL TLV, HAProxyMessage.readNextTLV first calls header.retainedSliceheader.readerIndex, length and only then...

7.5CVSS5.5AI score0.00594EPSS
Exploits0References3
RedhatCVE
RedhatCVE
β€’added 2026/06/13 2:34 a.m.β€’13 views

CVE-2026-48059

A flaw was found in the Netty HAProxy PROXY protocol v2 codec. A remote attacker can exploit this vulnerability by sending a specially crafted HAProxy PROXY protocol v2 header with nested PP2TYPESSL type-length-value TLV records. This can lead to a memory leak, causing the underlying cumulation...

8.7CVSS5.1AI score0.00606EPSS
Exploits0References6
RedhatCVE
RedhatCVE
β€’added 2026/06/13 2:34 a.m.β€’15 views

CVE-2026-44893

A flaw was found in netty-codec-haproxy, a component of the Netty network application framework. A remote attacker can exploit this vulnerability by sending a specially crafted HAProxy message with a malformed PP2TYPESSL TLV Type-Length-Value header. This can lead to an IndexOutOfBoundsException...

7.5CVSS5AI score0.00594EPSS
Exploits0References6
NVD
NVD
β€’added 2026/06/12 4:16 p.m.β€’13 views

CVE-2026-48059

Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, the HAProxy PROXY protocol v2 codec in netty leaks native or heap memory on every connection when a client sends a syntactically valid header containing nest...

8.7CVSS0.00606EPSS
Exploits0References10
NVD
NVD
β€’added 2026/06/12 3:16 p.m.β€’10 views

CVE-2026-44893

Netty is a network application framework for development of protocol servers and clients. In netty-codec-haproxy prior to versions 4.1.135.Final and 4.2.15.Final, when decoding a PP2TYPESSL TLV, HAProxyMessage.readNextTLV first calls header.retainedSliceheader.readerIndex, length and only then...

7.5CVSS0.00594EPSS
Exploits0References10
OSV
OSV
β€’added 2026/06/12 3:16 p.m.β€’6 views

UBUNTU-CVE-2026-44893

Netty is a network application framework for development of protocol servers and clients. In netty-codec-haproxy prior to versions 4.1.135.Final and 4.2.15.Final, when decoding a PP2TYPESSL TLV, HAProxyMessage.readNextTLV first calls header.retainedSliceheader.readerIndex, length and only then...

7.5CVSS5.5AI score0.00594EPSS
Exploits0References5
Vulnrichment
Vulnrichment
β€’added 2026/06/12 2:42 p.m.β€’9 views

CVE-2026-48059 Netty HAProxy: Unbalanced Reference Count in Nested PP2_TYPE_SSL TLV Parsing Leads to Memory Exhaustion

Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, the HAProxy PROXY protocol v2 codec in netty leaks native or heap memory on every connection when a client sends a syntactically valid header containing nest...

8.7CVSS5.6AI score0.00606EPSS
Exploits0References3
CVE
CVE
β€’added 2026/06/12 2:42 p.m.β€’74 views

CVE-2026-48059

Netty HAProxy: In Netty’s HAProxy PROXY protocol v2 codec, a memory leak occurs on each connection when a syntactically valid nested PP2_TYPE_SSL TLV (depth β‰₯ 2) is provided. This affects Netty versions 4.1.135.Final and 4.2.15.Final. The leak happens on the successful parse path: the message is ...

8.7CVSS5.5AI score0.00606EPSS
Exploits0References10Affected Software1
Cvelist
Cvelist
β€’added 2026/06/12 2:42 p.m.β€’29 views

CVE-2026-48059 Netty HAProxy: Unbalanced Reference Count in Nested PP2_TYPE_SSL TLV Parsing Leads to Memory Exhaustion

Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, the HAProxy PROXY protocol v2 codec in netty leaks native or heap memory on every connection when a client sends a syntactically valid header containing nest...

8.7CVSS0.00606EPSS
Exploits0References3
Rows per page
Query Builder