CVE-2012-2942

🗓️ 27 May 2012 00:00:00Reported by ubuntu.comType

Buffer overflow in HAProxy before version 1.4.21 allows remote attackers to cause denial of service and execute arbitrary code when header rewriting is enabled and global.tune.bufsize is set to a value greater than default

Reporter	Title	Published	Views	Family All 38
Tenable Nessus	HAProxy Trash Buffer Overflow Vulnerability	1 Jul 201300:00	–	nessus
Tenable Nessus	Debian DSA-2711-1 : haproxy - several vulnerabilities	20 Jun 201300:00	–	nessus
Tenable Nessus	Fedora 18 : haproxy-1.4.22-1.fc18 (2012-16023)	16 Oct 201200:00	–	nessus
Tenable Nessus	Fedora 17 : haproxy-1.4.22-1.fc17 (2012-16033)	23 Oct 201200:00	–	nessus
Tenable Nessus	Fedora 16 : haproxy-1.4.22-1.fc16 (2012-16056)	23 Oct 201200:00	–	nessus
Tenable Nessus	FreeBSD : haproxy -- buffer overflow (617959ce-a5f6-11e1-a284-0023ae8e59f0)	29 May 201200:00	–	nessus
Tenable Nessus	GLSA-201301-02 : HAProxy: Arbitrary code execution	9 Jan 201300:00	–	nessus
Tenable Nessus	HAProxy Trash Buffer Overflow Vulnerability	29 Jun 201200:00	–	nessus
Tenable Nessus	Ubuntu 11.10 / 12.04 LTS / 12.10 : haproxy vulnerabilities (USN-1800-1)	16 Apr 201300:00	–	nessus
CVE	CVE-2012-2942	27 May 201220:00	–	cve

OS	OS Version	Architecture	Package	Package Version	Filename
Ubuntu	11.10	any	haproxy	1.4.15-1ubuntu0.1	haproxy_1.4.15-1ubuntu0.1_any.deb
Ubuntu	12.04	any	haproxy	1.4.18-0ubuntu1.1	haproxy_1.4.18-0ubuntu1.1_any.deb
Ubuntu	12.10	any	haproxy	1.4.18-0ubuntu2.1	haproxy_1.4.18-0ubuntu2.1_any.deb
Ubuntu	13.04	any	haproxy	1.4.18-0ubuntu3	haproxy_1.4.18-0ubuntu3_any.deb

Source	Link
xforce	www.xforce.iss.net/xforce/xfdb/75777
secunia	www.secunia.com/advisories/49261
haproxy	www.haproxy.1wt.eu/download/1.4/src/CHANGELOG
seclists	www.seclists.org/oss-sec/2012/q2/417
ubuntu	www.ubuntu.com/security/notices/USN-1800-1
cve	www.cve.org/CVERecord

24 Jul 2024 15:57Current

6.4Medium risk

Vulners AI Score6.4

CVSS 25.1

EPSS0.00198