Astra Linux - уязвимость в haproxy

HAProxy versions 2.0.32, 2.1.x, and 2.2.x through 2.2.30, 2.3.x and 2.4.x through 2.4.23, 2.5.x and 2.6.x before 2.6.15, 2.7.x before 2.7.10, and 2.8.x before 2.8.2 send empty Content-Length headers, violating section 8.6 of RFC 9110. In rare cases, an HTTP/1 server behind HAPProxy may interpret...

EUVD-2026-21997

An issue was discovered in HAProxy before 3.3.6. The HTTP/3 parser does not check that the received body length matches a previously announced content-length when the stream is closed via a frame with an empty payload. This can cause desynchronization issues with the backend server and could be...

EUVD-2025-198149

Inefficient algorithm complexity in mjson in HAProxy allows remote attackers to cause a denial of service via specially crafted JSON requests...

The vulnerability of the server software HAProxy, related to uncontrolled resource consumption, allows a hacker to cause a service failure.

The vulnerability of the server software HAProxy is related to uncontrolled resource consumption. Exploiting this vulnerability can allow a malicious actor to cause service interruptions remotely...

haproxy: Denial of service via set-cookie2 header

A flaw was found in the way HAProxy processed HTTP responses containing the "Set-Cookie2" header. This flaw could allow an attacker to send crafted HTTP response packets which lead to an infinite loop, eventually resulting in a denial of service condition. The highest threat from this vulnerabili...

ALPINE-CVE-2022-0711

A flaw was found in the way HAProxy processed HTTP responses containing the "Set-Cookie2" header. This flaw could allow an attacker to send crafted HTTP response packets which lead to an infinite loop, eventually resulting in a denial of service condition. The highest threat from this vulnerabili...

USN-4174-1 haproxy vulnerability

It was discovered that HAproxy incorrectly handled certain HTTP requests. An attacker could possibly use this issue to a privilege escalation Request Smuggling...