CVE-2013-2175

HAProxy 1.4 before 1.4.24 and 1.5 before 1.5-dev19, when configured to use hdr_ip or other "hdr_*" functions with a negative occurrence count, allows remote attackers to cause a denial of service (negative array index usage and crash) via an HTTP header with a certain number of values, related to the MAX_HDR_HISTORY variable.
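
| Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector |
|---|---|---|---|---|---|---|
| NIST | NIST | 5 UNKNOWN | NETWORK | LOW | | AV:N/AC:L/Au:N/C:N/I:N/A:P |
| redhat | CNA | --- | | | | --- |
| CVE | ADP | --- | | | | --- |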

EPSS Score percentile: 23%

Vulnerable software versions

| Vendor | Product | Version |
|---|---|---|
| debian | debian_linux | 6.0 |
| canonical | ubuntu_linux | 12.04 |
| canonical | ubuntu_linux | 12.10 |
| canonical | ubuntu_linux | 13.04 |
| redhat | enterprise_linux_load_balancer | 6.0 |
| redhat | enterprise_linux_load_balancer | 6.4 |
| haproxy | haproxy | 1.4 |
| haproxy | haproxy | 1.4.0 |
| haproxy | haproxy | 1.4.1 |
| haproxy | haproxy | 1.4.2 |
| haproxy | haproxy | 1.4.3 |
| haproxy | haproxy | 1.4.4 |
| haproxy | haproxy | 1.4.5 |
| haproxy | haproxy | 1.4.6 |
| haproxy | haproxy | 1.4.7 |
| haproxy | haproxy | 1.4.8 |
| haproxy | haproxy | 1.4.9 |
| haproxy | haproxy | 1.4.10 |
| haproxy | haproxy | 1.4.11 |
| haproxy | haproxy | 1.4.12 |
| haproxy | haproxy | 1.4.13 |
| haproxy | haproxy | 1.4.14 |
| haproxy | haproxy | 1.4.15 |
| haproxy | haproxy | 1.4.16 |
| haproxy | haproxy | 1.4.17 |
| haproxy | haproxy | 1.4.18 |
| haproxy | haproxy | 1.4.19 |
| haproxy | haproxy | 1.4.20 |
| haproxy | haproxy | 1.4.21 |
| haproxy | haproxy | 1.4.22 |
| haproxy | haproxy | 1.4.23 |
| haproxy | haproxy | 1.5:dev |
| haproxy | haproxy | 1.5:dev0 |
| haproxy | haproxy | 1.5:dev1 |
| haproxy | haproxy | 1.5:dev10 |
| haproxy | haproxy | 1.5:dev11 |
| haproxy | haproxy | 1.5:dev12 |
| haproxy | haproxy | 1.5:dev13 |
| haproxy | haproxy | 1.5:dev14 |
| haproxy | haproxy | 1.5:dev15 |
| haproxy | haproxy | 1.5:dev16 |
| haproxy | haproxy | 1.5:dev17 |
| haproxy | haproxy | 1.5:dev18 |
| haproxy | haproxy | 1.5:dev2 |
| haproxy | haproxy | 1.5:dev3 |
| haproxy | haproxy | 1.5:dev4 |
| haproxy | haproxy | 1.5:dev5 |
| haproxy | haproxy | 1.5:dev6 |
| haproxy | haproxy | 1.5:dev7 |
| haproxy | haproxy | 1.5:dev8 |
| haproxy | haproxy | 1.5:dev9 |
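
Debian Releases

| Debian Product | Codename | Version | Status |
|---|---|---|---|
| haproxy | bullseye (security) | 2.2.9-2+deb11u6 | fixed |
| haproxy | bullseye | 2.2.9-2+deb11u6 | fixed |
| haproxy | bookworm | 2.6.12-1+deb12u1 | fixed |
| haproxy | bookworm (security) | 2.6.12-1+deb12u1 | fixed |
| haproxy | sid | 2.9.11-1 | fixed |
| haproxy | trixie | 2.9.11-1 | fixed |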

Ubuntu Releases

| Ubuntu Product | Codename | Version | Status |
|---|---|---|---|
| haproxy | raring | Fixed 1.4.18-0ubuntu3.1 | released |
| haproxy | quantal | Fixed 1.4.18-0ubuntu2.2 | released |
| haproxy | precise | Fixed 1.4.18-0ubuntu1.2 | released |
| haproxy | lucid | | ignored |