Lucene search
K

6 matches found

OSV
OSV
added 2026/06/29 5:40 a.m.3 views

BIT-HAPROXY-2026-55204 HAProxy - NULL Pointer Dereference in hpack_dht_insert Function

HAProxy through 3.4.0, fixed in commit 9a6d1fe, contains a null pointer dereference vulnerability in hpackdhtinsert within src/hpack-tbl.c that fails to validate the return value of hpackdhtdefrag when the memory pool is exhausted. An attacker can trigger HPACK dynamic table insertions under memo...

8.7CVSS5.8AI score0.00431EPSS
Exploits0References3
OSV
OSV
added 2026/06/26 12:21 p.m.3 views

SUSE-SU-2026:2652-1 Security update for haproxy

This update for haproxy fixes the following issues - CVE-2026-55203: integer overflow vulnerability in the fcgiconn structure's drl field that allows buffer misparse as new FCGI record headers bsc1268557. - CVE-2026-55204: null pointer dereference vulnerability in hpackdhtinsert within...

9.1CVSS6AI score0.00431EPSS
Exploits0References5
OSV
OSV
added 2026/06/26 12:18 p.m.3 views

SUSE-SU-2026:2651-1 Security update for haproxy

This update for haproxy fixes the following issues - CVE-2026-55203: integer overflow vulnerability in the fcgiconn structure's drl field that allows buffer misparse as new FCGI record headers bsc1268557. - CVE-2026-55204: null pointer dereference vulnerability in hpackdhtinsert within...

9.1CVSS6AI score0.00431EPSS
Exploits0References5
CVE
CVE
added 2026/06/18 4:5 p.m.30 views

CVE-2026-55204

HAProxy CVE-2026-55204 affects HAProxy up to version 3.4.0. It describes a null pointer dereference in the function hpack_dht_insert (in src/hpack-tbl.c) that fails to validate the return value of hpack_dht_defrag() when the memory pool is exhausted. Under memory pressure, HPACK dynamic table ins...

8.7CVSS5.3AI score0.00431EPSS
Exploits0References2Affected Software1
BDU FSTEC
BDU FSTEC
added 2020/05/13 12:0 a.m.4 views

The vulnerability of the hpack_dht_insert function in the HAProxy networking software library, located in the hpack-tbl.c file, allows for unauthorized access to confidential data by exceeding the allowed buffer size. This vulnerability enables attackers to cause service failures or compromise data integrity.

The vulnerability of the hpackdhtinsert function in the HAProxy networking software library is related to the execution of operations within acceptable buffer data limits. Exploiting this vulnerability could allow an attacker to gain unauthorized access to confidential data, cause service failure...

9CVSS7.7AI score0.60727EPSS
Exploits0References9Affected Software7
OSV
OSV
added 2020/04/02 3:15 p.m.30 views

CVE-2020-11100

In hpackdhtinsert in hpack-tbl.c in the HPACK decoder in HAProxy 1.8 through 2.x before 2.1.4, a remote attacker can write arbitrary bytes around a certain location on the heap via a crafted HTTP/2 request, possibly causing remote code execution...

8.8CVSS4.8AI score
Exploits0References14
Rows per page
Query Builder