CVE-2025-32464Comparison Using Wrong Factors in Haproxy

CWE-1025Comparison Using Wrong Factors8 documents7 sources
Severity
6.8MEDIUMNVD
EPSS
3.3%
top 12.68%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
HaproxyDebian HaproxyMsrc Azl3 Haproxy 2.9.11-3 ON Azure Linux 3.0+1 more
Timeline
PublishedApr 9
Latest updateApr 23

Description

HAProxy 2.2 through 3.1.6, in certain uncommon configurations, has a sample_conv_regsub heap-based buffer overflow because of mishandling of the replacement of multiple short patterns with a longer one.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:HExploitability: 2.2 | Impact: 4.0

Affected Packages5 packages

debiandebian/haproxy< haproxy 2.6.12-1+deb12u2 (bookworm)
Debianhaproxy/haproxy< 2.2.9-2+deb11u7+3
CVEListV5haproxy/haproxy2.23.1.6

🔴Vulnerability Details

2
GHSA
GHSA-frg5-h47x-75j9: HAProxy 22025-04-09
OSV
CVE-2025-32464: HAProxy 22025-04-09

📋Vendor Advisories

5
Ubuntu
HAProxy vulnerability2025-04-23
Ubuntu
HAProxy vulnerability2025-04-10
Red Hat
haproxy: Buffer Overflow via Improper Back-Reference Replacement Length Check2025-04-09
Microsoft
HAProxy 2.2 through 3.1.6, in certain uncommon configurations, has a sample_conv_regsub heap-based buffer overflow because of mishandling of the replacement of multiple short patterns with a longer on2025-04-08
Debian
CVE-2025-32464: haproxy - HAProxy 2.2 through 3.1.6, in certain uncommon configurations, has a sample_conv...2025