CVE-2014-6269

EUVD-2014-6155
Multiple integer overflows in the http_request_forward_body function in proto_http.c in HAProxy 1.5-dev23 before 1.5.4 allow remote attackers to cause a denial of service (crash) via a large stream of data, which triggers a buffer overflow and an out-of-bounds read.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:N/I:N/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 28%
Affected Products (NVD)
VendorProductVersion
haproxyhaproxy
1.5:dev23
haproxyhaproxy
1.5:dev24
haproxyhaproxy
1.5:dev25
haproxyhaproxy
1.5:dev26
haproxyhaproxy
1.5.0
haproxyhaproxy
1.5.1
haproxyhaproxy
1.5.2
haproxyhaproxy
1.5.3
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
haproxy
bookworm
2.6.12-1+deb12u1
fixed
bookworm (security)
2.6.12-1+deb12u1
fixed
bullseye
2.2.9-2+deb11u6
fixed
bullseye (security)
2.2.9-2+deb11u6
fixed
sid
2.9.11-1
fixed
squeeze
not-affected
trixie
2.9.11-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
haproxy
lucid
not-affected
precise
not-affected
trusty
dne
Common Weakness Enumeration
References
http://article.gmane.org/gmane.comp.web.haproxy/17726
http://article.gmane.org/gmane.comp.web.haproxy/18097
http://git.haproxy.org/?p=haproxy-1.5.git%3Ba=commitdiff%3Bh=b4d05093bc89f71377230228007e69a1434c1a0c
http://rhn.redhat.com/errata/RHSA-2014-1292.html
http://secunia.com/advisories/59936
http://secunia.com/advisories/61507
http://www.openwall.com/lists/oss-security/2014/09/09/23
http://article.gmane.org/gmane.comp.web.haproxy/17726
http://article.gmane.org/gmane.comp.web.haproxy/18097
http://git.haproxy.org/?p=haproxy-1.5.git%3Ba=commitdiff%3Bh=b4d05093bc89f71377230228007e69a1434c1a0c
http://rhn.redhat.com/errata/RHSA-2014-1292.html
http://secunia.com/advisories/59936
http://secunia.com/advisories/61507
http://www.openwall.com/lists/oss-security/2014/09/09/23