Buffer overflow in the trash buffer in the header capture functionality in
HAProxy before 1.4.21, when global.tune.bufsize is set to a value greater
than the default and header rewriting is enabled, allows remote attackers
to cause a denial of service and possibly execute arbitrary code via
unspecified vectors.
Author | Note |
---|---|
mdeslaur | CVE-2012-2391 was a duplicate of this CVE and got rejected. |
haproxy.1wt.eu/download/1.4/src/CHANGELOG
seclists.org/oss-sec/2012/q2/417
secunia.com/advisories/49261
xforce.iss.net/xforce/xfdb/75777
launchpad.net/bugs/cve/CVE-2012-2942
nvd.nist.gov/vuln/detail/CVE-2012-2942
security-tracker.debian.org/tracker/CVE-2012-2942
ubuntu.com/security/notices/USN-1800-1
www.cve.org/CVERecord?id=CVE-2012-2942