CVE-2015-3281
06.07.2015, 15:59
The buffer_slow_realign function in HAProxy 1.5.x before 1.5.14 and 1.6-dev does not properly realign a buffer that is used for pending outgoing data, which allows remote attackers to obtain sensitive information (uninitialized memory contents of previous requests) via a crafted request.Enginsight
| Vendor | Product | Version |
|---|---|---|
| debian | debian_linux | 8.0 |
| haproxy | haproxy | 1.5:dev |
| haproxy | haproxy | 1.5:dev0 |
| haproxy | haproxy | 1.5:dev1 |
| haproxy | haproxy | 1.5:dev10 |
| haproxy | haproxy | 1.5:dev11 |
| haproxy | haproxy | 1.5:dev12 |
| haproxy | haproxy | 1.5:dev13 |
| haproxy | haproxy | 1.5:dev14 |
| haproxy | haproxy | 1.5:dev15 |
| haproxy | haproxy | 1.5:dev16 |
| haproxy | haproxy | 1.5:dev17 |
| haproxy | haproxy | 1.5:dev18 |
| haproxy | haproxy | 1.5:dev19 |
| haproxy | haproxy | 1.5:dev2 |
| haproxy | haproxy | 1.5:dev3 |
| haproxy | haproxy | 1.5:dev4 |
| haproxy | haproxy | 1.5:dev5 |
| haproxy | haproxy | 1.5:dev6 |
| haproxy | haproxy | 1.5:dev7 |
| haproxy | haproxy | 1.5:dev8 |
| haproxy | haproxy | 1.5:dev9 |
| haproxy | haproxy | 1.5.0 |
| haproxy | haproxy | 1.5.1 |
| haproxy | haproxy | 1.5.2 |
| haproxy | haproxy | 1.5.3 |
| haproxy | haproxy | 1.5.4 |
| haproxy | haproxy | 1.5.5 |
| haproxy | haproxy | 1.5.6 |
| haproxy | haproxy | 1.5.7 |
| haproxy | haproxy | 1.5.8 |
| haproxy | haproxy | 1.5.9 |
| haproxy | haproxy | 1.5.10 |
| haproxy | haproxy | 1.5.11 |
| haproxy | haproxy | 1.5.12 |
| haproxy | haproxy | 1.5.13 |
| haproxy | haproxy | 1.6:dev0 |
| canonical | ubuntu_linux | 14.10 |
| canonical | ubuntu_linux | 15.04 |
| opensuse | opensuse | 13.2 |
| redhat | enterprise_linux_desktop | 7.0 |
| redhat | enterprise_linux_server | 7.0 |
| redhat | enterprise_linux_server_aus | 7.3 |
| redhat | enterprise_linux_server_aus | 7.4 |
| redhat | enterprise_linux_server_aus | 7.6 |
| redhat | enterprise_linux_server_eus | 7.1 |
| redhat | enterprise_linux_server_eus | 7.2 |
| redhat | enterprise_linux_server_eus | 7.3 |
| redhat | enterprise_linux_server_eus | 7.4 |
| redhat | enterprise_linux_server_eus | 7.5 |
| redhat | enterprise_linux_server_eus | 7.6 |
| redhat | enterprise_linux_server_tus | 7.3 |
| redhat | enterprise_linux_server_tus | 7.6 |
| redhat | enterprise_linux_workstation | 7.0 |
𝑥
= Vulnerable software versions
Debian Releases
Ubuntu Releases
Common Weakness Enumeration
References