EUVD-2026-36457

Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, the HAProxy PROXY protocol v2 codec in netty leaks native or heap memory on every connection when a client sends a syntactically valid header containing nest...

PT-2026-47604

Name of the Vulnerable Software and Affected Versions netty-codec-haproxy versions prior to 4.1.135.Final netty-codec-haproxy versions prior to 4.2.15.Final Description An issue exists when decoding a PP2 TYPE SSL TLV Type-Length-Value where the readNextTLV function in HAProxyMessage calls...

Astra Linux – Vulnerability in Netty

The Netty project is an event-driven, asynchronous network application framework. In versions prior to 4.1.86.Final, a StackOverflowError could occur when parsing a malformed message due to infinite recursion. This issue has been fixed in version 4.1.86.Final. There is no workaround, except by...

EUVD-2025-36426

Keycloak unable to restrict access to the admin console...

CVE-2025-10939

A flaw was found in Keycloak. The Keycloak guides recommend to not expose /admin path to the outside in case the installation is using a proxy. The issue occurs at least via ha-proxy, as it can be tricked to using relative/non-normalized paths to access the /admin application path relative to...

Important: Red Hat Security Advisory: Red Hat OpenShift GitOps v1.17.2 security update

Important: Red Hat OpenShift GitOps v1.17.2 security update An update is now available for Red Hat OpenShift GitOps. Bug Fixes and Enhancements: GITOPS-7180: Redis HA Proxy pod fails to start with Security Context error GITOPS-7331: operator controller logs error when console link is disabled...

SUSE CVE-2025-11230

Inefficient algorithm complexity in mjson in HAProxy allows remote attackers to cause a denial of service via specially crafted JSON requests...

SUSE CVE-2025-32464

HAProxy 2.2 through 3.1.6, in certain uncommon configurations, has a sampleconvregsub heap-based buffer overflow because of mishandling of the replacement of multiple short patterns with a longer one...

OESA-2023-2001 netty security update

Security Fixes: Netty project is an event-driven asynchronous network application framework. In versions prior to 4.1.86.Final, a StackOverflowError can be raised when parsing a malformed crafted message due to an infinite recursion. This issue is patched in version 4.1.86.Final. There is no...

OESA-2023-2000 netty security update

Security Fixes: Netty project is an event-driven asynchronous network application framework. In versions prior to 4.1.86.Final, a StackOverflowError can be raised when parsing a malformed crafted message due to an infinite recursion. This issue is patched in version 4.1.86.Final. There is no...

DEBIAN-CVE-2023-25950

HTTP request/response smuggling vulnerability in HAProxy version 2.7.0, and 2.6.1 to 2.6.7 allows a remote attacker to alter a legitimate user's request. As a result, the attacker may obtain sensitive information or cause a denial-of-service DoS condition...

SUSE CVE-2023-0836

An information leak vulnerability was discovered in HAProxy 2.1, 2.2 before 2.2.27, 2.3, 2.4 before 2.4.21, 2.5 before 2.5.11, 2.6 before 2.6.8, 2.7 before 2.7.1. There are 5 bytes left uninitialized in the connection buffer when encoding the FCGIBEGINREQUEST record. Sensitive data may be disclos...

SUSE CVE-2016-5360

HAproxy 1.6.x before 1.6.6, when a deny comes from a reqdeny rule, allows remote attackers to cause a denial of service uninitialized memory access and crash or possibly have unspecified other impact via unknown vectors...

SUSE CVE-2022-41881

Netty project is an event-driven asynchronous network application framework. In versions prior to 4.1.86.Final, a StackOverflowError can be raised when parsing a malformed crafted message due to an infinite recursion. This issue is patched in version 4.1.86.Final. There is no workaround, except...

haproxy: HTTP request smuggling issue with transfer-encoding header containing an obfuscated "chunked" value

A flaw was found in HAProxy before 2.0.6. In legacy mode, messages featuring a transfer-encoding header missing the "chunked" value were not being correctly rejected. The impact was limited but if combined with the "http-reuse always" setting, it could be used to help construct an HTTP request...

[SECURITY] Fedora 19 Update: haproxy-1.4.24-1.fc19

HA-Proxy is a TCP/HTTP reverse proxy which is particularly suited for high availability environments. Indeed, it can: - route HTTP requests depending on statically assigned cookies - spread the load among several servers while assuring server persistence through the use of HTTP cookies - switch t...

Fedora Update for haproxy FEDORA-2012-16056

Check for the Version of haproxy OpenVAS Vulnerability Test Fedora Update for haproxy FEDORA-2012-16056 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...