CVE-2014-6269 — Uncontrolled Resource Consumption in Haproxy

CWE-189 CWE-400 — Uncontrolled Resource Consumption6 documents6 sources

Severity

5.0MEDIUMNVD

EPSS

0.1%

top 71.34%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Haproxy Debian Haproxy

Timeline

PublishedSep 30

Latest updateMay 17

Description

Multiple integer overflows in the http_request_forward_body function in proto_http.c in HAProxy 1.5-dev23 before 1.5.4 allow remote attackers to cause a denial of service (crash) via a large stream of data, which triggers a buffer overflow and an out-of-bounds read.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages3 packages

▶debiandebian/haproxy< haproxy 1.5.4-1 (bookworm)

▶Debianhaproxy/haproxy< 1.5.4-1+3

▶NVDhaproxy/haproxy5 versions+4

🔴Vulnerability Details

GHSA

GHSA-932v-h827-3qvr: Multiple integer overflows in the http_request_forward_body function in proto_http↗2022-05-17

▶

OSV

CVE-2014-6269: Multiple integer overflows in the http_request_forward_body function in proto_http↗2014-09-30

▶

📋Vendor Advisories

Red Hat

haproxy: remote client denial of service vulnerability↗2014-08-05

▶

Debian

CVE-2014-6269: haproxy - Multiple integer overflows in the http_request_forward_body function in proto_ht...↗2014

▶

💬Community

Bugzilla

CVE-2014-6269 haproxy: remote client denial of service vulnerability↗2014-09-02

▶