Astra Linux - уязвимость в haproxy

In HAProxy versions 2.2 through 3.1.6, under certain unusual configurations, there is a heap-based buffer overflow due to improper handling of replacing multiple short patterns with a longer one...

Astra Linux - уязвимость в haproxy

A flaw was discovered in the way HAProxy processed HTTP responses containing the “Set-Cookie2” header. This flaw could allow an attacker to send crafted HTTP response packets, leading to an infinite loop and ultimately causing a denial-of-service condition. The most significant threat from this...

CVE-2026-33555

A flaw was found in HAProxy. A remote attacker could exploit this vulnerability by sending a specially crafted HTTP/3 request. The HTTP/3 parser fails to verify that the received body length matches the announced content-length when a stream is closed with an empty payload. This desynchronization...

EUVD-2019-8066

Malware in sbrugna...

codec-haproxy: HAProxyMessageDecoder Stack Exhaustion DoS

A flaw was found in codec-haproxy from the Netty project. This flaw allows an attacker to build a malformed crafted message and cause infinite recursion, causing stack exhaustion and leading to a denial of service DoS...

haproxy: Proxy forwards malformed empty Content-Length headers

A flaw was found in HAProxy. Empty Content-Length headers are forwarded, which could cause an HTTP/1 server behind it to interpret the payload as an extra request. This may render the HTTP/1 server vulnerable to attacks in some uncommon cases...

codec-haproxy: HAProxyMessageDecoder Stack Exhaustion DoS

A flaw was found in codec-haproxy from the Netty project. This flaw allows an attacker to build a malformed crafted message and cause infinite recursion, causing stack exhaustion and leading to a denial of service DoS...

codec-haproxy: HAProxyMessageDecoder Stack Exhaustion DoS

A flaw was found in codec-haproxy from the Netty project. This flaw allows an attacker to build a malformed crafted message and cause infinite recursion, causing stack exhaustion and leading to a denial of service DoS...

SUSE CVE-2022-0711

A flaw was found in the way HAProxy processed HTTP responses containing the "Set-Cookie2" header. This flaw could allow an attacker to send crafted HTTP response packets which lead to an infinite loop, eventually resulting in a denial of service condition. The highest threat from this vulnerabili...

haproxy: Denial of service via set-cookie2 header

A flaw was found in the way HAProxy processed HTTP responses containing the "Set-Cookie2" header. This flaw could allow an attacker to send crafted HTTP response packets which lead to an infinite loop, eventually resulting in a denial of service condition. The highest threat from this vulnerabili...

OESA-2022-1578 haproxy security update

HAProxy is a free, very fast and reliable solution offering high availability, load balancing, and proxying for TCP and HTTP-based applications. It is particularly suited for very high traffic web sites and powers quite a number of the world's most visited ones. Security Fixes: A flaw was found i...

A flaw was found in the way HAProxy processed HTTP responses containing the "Set-Cookie2" header. This flaw could allow an attacker to send crafted HTTP response packets which lead to an infinite loop eventually resulting in a denial of service condition. The highest threat from this vulnerability is availability.

...

DEBIAN-CVE-2022-0711

A flaw was found in the way HAProxy processed HTTP responses containing the "Set-Cookie2" header. This flaw could allow an attacker to send crafted HTTP response packets which lead to an infinite loop, eventually resulting in a denial of service condition. The highest threat from this vulnerabili...

haproxy: an HTTP method name may contain a space followed by the name of a protected resource

haproxy has an input validation flaw that could allow a remote attacker to bypass implemented security restrictions. An HTTP method name may contain a space followed by the name of a protected resource. Given this, It is possible that an server would interpret this as a request for that protected...

haproxy: malformed HTTP/2 requests can lead to out-of-bounds writes

A flaw was found in the way HAProxy processed certain HTTP/2 request packets. This flaw allows an attacker to send crafted HTTP/2 request packets, which cause memory corruption, leading to a crash or potential remote arbitrary code execution with the permissions of the user running HAProxy...

haproxy: Setting cookie containing internal IP address of a pod

An information disclosure flaw was discovered in haproxy as used by OpenShift Enterprise; a cookie with the name "OPENSHIFTnamespaceSERVERID" was set, which contained the internal IP address of a pod...