Astra Linux – Vulnerability in HAPProxy

HAProxy versions 2.0.32, 2.1.x, and 2.2.x through 2.2.30, 2.3.x and 2.4.x through 2.4.23, 2.5.x and 2.6.x before 2.6.15, 2.7.x before 2.7.10, and 2.8.x before 2.8.2 send empty Content-Length headers, violating section 8.6 of RFC 9110. In rare cases, an HTTP/1 server behind HAPProxy may interpret...

EUVD-2026-21997

An issue was discovered in HAProxy before 3.3.6. The HTTP/3 parser does not check that the received body length matches a previously announced content-length when the stream is closed via a frame with an empty payload. This can cause desynchronization issues with the backend server and could be...

EUVD-2025-198149

Inefficient algorithm complexity in mjson in HAProxy allows remote attackers to cause a denial of service via specially crafted JSON requests...

The vulnerability of the server software HAProxy, related to uncontrolled resource consumption, allows a hacker to cause a service failure.

The vulnerability of the server software HAProxy is related to uncontrolled resource consumption. Exploiting this vulnerability can allow a malicious actor to cause service interruptions remotely...

haproxy: Denial of service via set-cookie2 header

A flaw was found in the way HAProxy processed HTTP responses containing the "Set-Cookie2" header. This flaw could allow an attacker to send crafted HTTP response packets which lead to an infinite loop, eventually resulting in a denial of service condition. The highest threat from this vulnerabili...

ALPINE-CVE-2022-0711

A flaw was found in the way HAProxy processed HTTP responses containing the "Set-Cookie2" header. This flaw could allow an attacker to send crafted HTTP response packets which lead to an infinite loop, eventually resulting in a denial of service condition. The highest threat from this vulnerabili...

USN-4174-1 haproxy vulnerability

It was discovered that HAproxy incorrectly handled certain HTTP requests. An attacker could possibly use this issue to a privilege escalation Request Smuggling...