CVE-2013-1912Improper Restriction of Operations within the Bounds of a Memory Buffer in Haproxy

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer9 documents7 sources
Severity
5.1MEDIUMNVD
EPSS
0.1%
top 65.46%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
HaproxyDebian Haproxy
Timeline
PublishedApr 10
Latest updateMay 17

Description

Buffer overflow in HAProxy 1.4 through 1.4.22 and 1.5-dev through 1.5-dev17, when HTTP keep-alive is enabled, using HTTP keywords in TCP inspection rules, and running with rewrite rules that appends to requests, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted pipelined HTTP requests that prevent request realignment from occurring.

CVSS vector

AV:N/AC:H/C:P/I:P/A:PExploitability: 4.9 | Impact: 6.4

Affected Packages3 packages

debiandebian/haproxy< haproxy 1.4.23-1 (bookworm)
Debianhaproxy/haproxy< 1.4.23-1+3
NVDhaproxy/haproxy4 versions+3

🔴Vulnerability Details

2
GHSA
GHSA-xgv2-5whc-jjqv: Buffer overflow in HAProxy 12022-05-17
OSV
CVE-2013-1912: Buffer overflow in HAProxy 12013-04-10

📋Vendor Advisories

3
Ubuntu
HAProxy vulnerabilities2013-04-15
Red Hat
haproxy: rewrite rules flaw can lead to arbitrary code execution2013-04-02
Debian
CVE-2013-1912: haproxy - Buffer overflow in HAProxy 1.4 through 1.4.22 and 1.5-dev through 1.5-dev17, whe...2013

💬Community

3
Bugzilla
CVE-2013-1912 haproxy: rewrite rules flaw can lead to arbitrary code execution [fedora-all]2013-04-03
Bugzilla
CVE-2013-1912 haproxy: rewrite rules flaw can lead to arbitrary code execution [epel-5]2013-04-03
Bugzilla
CVE-2013-1912 haproxy: rewrite rules flaw can lead to arbitrary code execution2013-04-02