HaProxy HTTP Request Smuggling (CVE-2019-18277)
An Improper Input Validation exists in HaProxy. Messages featuring a transfer-encoding header missing the "chunked" value were not being correctly rejected. Successful exploitation could result in HTTP request smuggling vulnerability...
The vulnerability of the dns.c component in the HAProxy network software, related to the execution of a loop with an unavailable exit condition, allows an attacker to cause a service failure.
The vulnerability of the dns.c component in the HAProxy network software is related to its ability to enter an infinite loop when certain input data is provided. Exploiting this vulnerability can allow a malicious actor to cause service interruptions remotely...
The vulnerability of the `dns_validate_dns_response` function in the `dns.c` component of the HAProxy network software allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the dns_validate_dns_response function in the dns.c component of the HAProxy network software arises from an operation that goes beyond the buffer boundaries in memory. Exploiting this vulnerability may allow a malicious actor, operating remotely, to gain unauthorized access to...
The vulnerability of the HTTP/2 network software decoder in HAProxy allows an attacker to cause a service failure.
The vulnerability of the HTTP/2 network software decoder in HAProxy arises from an operation that goes beyond the buffer boundaries in memory. Exploiting this vulnerability allows a malicious actor to cause a service failure using a specially created package...
Huawei EulerOS: Security Advisory for haproxy (EulerOS-SA-2020-1757)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
EulerOS Virtualization 3.0.6.0 : haproxy (EulerOS-SA-2020-1757)
According to the version of the haproxy package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - A flaw was found in HAProxy before 2.0.6. In legacy mode, messages featuring a transfer-encoding header missing the 'chunked' value...
Huawei EulerOS: Security Advisory for haproxy (EulerOS-SA-2020-1709)
The remote host is missing an update for the Huawei EulerOS...
haproxy:fuzz_cfg_parser: Heap-buffer-overflow in memvprintf
Project: https://github.com/haproxy/haproxy.git Detailed Report: https://oss-fuzz.com/testcase?key=4899181834797056 Project: haproxy Fuzzing Engine: afl Fuzz Target: fuzz_cfg_parser Job Type: afl_asan_haproxy Platform Id: linux Crash Type: Heap-buffer-overflow READ 1 Crash Address: 0x619000000510 Cra...
EulerOS Virtualization for ARM 64 3.0.6.0 : haproxy (EulerOS-SA-2020-1709)
According to the version of the haproxy package installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerability : - In hpack_dht_insert in hpack-tbl.c in the HPACK decoder in HAProxy 1.8 through 2.x before 2.1.4, a remote attacker can writ...
haproxy:fuzz_cfg_parser: Heap-buffer-overflow in readcfgfile
Project: https://github.com/haproxy/haproxy.git Detailed Report: https://oss-fuzz.com/testcase?key=5702089866215424 Project: haproxy Fuzzing Engine: libFuzzer Fuzz Target: fuzz_cfg_parser Job Type: libfuzzer_asan_haproxy Platform Id: linux Crash Type: Heap-buffer-overflow WRITE 1 Crash Address:...
HTTP Request Smuggling
haproxy is vulnerable to HTTP request smuggling. The vulnerability exists as the transfer-encoding header containing an obfuscated "chunked" value...
haproxy: HTTP request smuggling issue with transfer-encoding header containing an obfuscated "chunked" value
A flaw was found in HAProxy before 2.0.6. In legacy mode, messages featuring a transfer-encoding header missing the "chunked" value were not being correctly rejected. The impact was limited but if combined with the "http-reuse always" setting, it could be used to help construct an HTTP request...
haproxy: HTTP/2 implementation vulnerable to intermediary encapsulation attacks
The HTTP/2 implementation in HAProxy before 2.0.10 mishandles headers, as demonstrated by carriage return (CR, ASCII 0xd), line feed (LF, ASCII 0xa), and the zero character (NUL, ASCII 0x0), aka Intermediary Encapsulation Attacks...
Moderate: Red Hat Security Advisory: rh-haproxy18-haproxy security, bug fix, and enhancement update
An update for rh-haproxy18-haproxy is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...
EulerOS 2.0 SP8 : haproxy (EulerOS-SA-2020-1580)
According to the version of the haproxy package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - In hpack_dht_insert in hpack-tbl.c in the HPACK decoder in HAProxy 1.8 through 2.x before 2.1.4, a remote attacker can write arbitrary bytes around a...
Huawei EulerOS: Security Advisory for haproxy (EulerOS-SA-2020-1580)
The remote host is missing an update for the Huawei EulerOS...
The vulnerability of the hpack_dht_insert function in the HAProxy networking software library, located in the hpack-tbl.c file, allows for unauthorized access to confidential data by exceeding the allowed buffer size. This vulnerability enables attackers to cause service failures or compromise data integrity.
The vulnerability of the hpack_dht_insert function in the HAProxy networking software library is related to the execution of operations within acceptable buffer data limits. Exploiting this vulnerability could allow an attacker to gain unauthorized access to confidential data, cause service failure...
The vulnerability of the server software HAProxy arises from improper handling of HTTP headers during the conversion from HTTP/2 to HTTP/1. This allows attackers to access sensitive data, compromise its integrity, and cause service failures.
The vulnerability of server software such as HAProxy stems from improper handling of HTTP headers during the conversion from HTTP/2 to HTTP/1. Exploiting this vulnerability can allow a remote attacker to access sensitive data, compromise its integrity, and cause service failures...
CRLF Injection
haproxy is vulnerable to CRLF injection. The HTTP/2 implementation is vulnerable to intermediary encapsulation attacks due to lack of validation for CRLF characters, zero and null characters in headers,...
haproxy security, bug fix, and enhancement update
1.8.23-3 - Fix hpack zero byte input causing overwrite (CVE-2020-11100, 1819519); 1.8.23-2 - Consider exit status 143 as success (1778844); 1.8.23-1 - Update to 1.8.23 (1774745)...