Debian Haproxy vulnerabilities

CVE-2020-11100 [HIGH] CVE-2020-11100: haproxy - In hpack_dht_insert in hpack-tbl.c in the HPACK decoder in HAProxy 1.8 through 2... In hpack_dht_insert in hpack-tbl.c in the HPACK decoder in HAProxy 1.8 through 2.x before 2.1.4, a remote attacker can write arbitrary bytes around a certain location on the heap via a crafted HTTP/2 request, possibly causing remote code execution. Scope: local bookworm: resolved (fixed in 2.0.13-2) bullseye: resolved (fixed in 2.0.13-2) forky: resolved (fixed in 2.

CVE-2019-19330 [CRITICAL] CVE-2019-19330: haproxy - The HTTP/2 implementation in HAProxy before 2.0.10 mishandles headers, as demons... The HTTP/2 implementation in HAProxy before 2.0.10 mishandles headers, as demonstrated by carriage return (CR, ASCII 0xd), line feed (LF, ASCII 0xa), and the zero character (NUL, ASCII 0x0), aka Intermediary Encapsulation Attacks. Scope: local bookworm: resolved (fixed in 2.0.10-1) bullseye: resolved (fixed in 2.0.10-1) forky: resolved (fixed in 2.0.10-1) sid: r

CVE-2019-18277 [HIGH] CVE-2019-18277: haproxy - A flaw was found in HAProxy before 2.0.6. In legacy mode, messages featuring a t... A flaw was found in HAProxy before 2.0.6. In legacy mode, messages featuring a transfer-encoding header missing the "chunked" value were not being correctly rejected. The impact was limited but if combined with the "http-reuse always" setting, it could be used to help construct an HTTP request smuggling attack against a vulnerable component employing a lenient parse

CVE-2019-11323 [MEDIUM] CVE-2019-11323: haproxy - HAProxy before 1.9.7 mishandles a reload with rotated keys, which triggers use o... HAProxy before 1.9.7 mishandles a reload with rotated keys, which triggers use of uninitialized, and very predictable, HMAC keys. This is related to an include/types/ssl_sock.h error. Scope: local bookworm: resolved bullseye: resolved forky: resolved sid: resolved trixie: resolved

CVE-2019-14241 [HIGH] CVE-2019-14241: haproxy - HAProxy through 2.0.2 allows attackers to cause a denial of service (ha_panic) v... HAProxy through 2.0.2 allows attackers to cause a denial of service (ha_panic) via vectors related to htx_manage_client_side_cookies in proto_htx.c. Scope: local bookworm: resolved bullseye: resolved forky: resolved sid: resolved trixie: resolved

CVE-2018-20103 [HIGH] CVE-2018-20103: haproxy - An issue was discovered in dns.c in HAProxy through 1.8.14. In the case of a com... An issue was discovered in dns.c in HAProxy through 1.8.14. In the case of a compressed pointer, a crafted packet can trigger infinite recursion by making the pointer point to itself, or create a long chain of valid pointers resulting in stack exhaustion. Scope: local bookworm: resolved (fixed in 1.8.15-1) bullseye: resolved (fixed in 1.8.15-1) forky: resolved (fixe

CVE-2018-10184 [HIGH] CVE-2018-10184: haproxy - An issue was discovered in HAProxy before 1.8.8. The incoming H2 frame length wa... An issue was discovered in HAProxy before 1.8.8. The incoming H2 frame length was checked against the max_frame_size setting instead of being checked against the bufsize. The max_frame_size only applies to outgoing traffic and not to incoming, so if a large enough frame size is advertised in the SETTINGS frame, a wrapped frame will be defragmented into a temporary a

CVE-2018-20615 [HIGH] CVE-2018-20615: haproxy - An out-of-bounds read issue was discovered in the HTTP/2 protocol decoder in HAP... An out-of-bounds read issue was discovered in the HTTP/2 protocol decoder in HAProxy 1.8.x and 1.9.x through 1.9.0 which can result in a crash. The processing of the PRIORITY flag in a HEADERS frame requires 5 extra bytes, and while these bytes are skipped, the total frame length was not re-checked to make sure they were present in the frame. Scope: local bookworm:

CVE-2018-20102 [HIGH] CVE-2018-20102: haproxy - An out-of-bounds read in dns_validate_dns_response in dns.c was discovered in HA... An out-of-bounds read in dns_validate_dns_response in dns.c was discovered in HAProxy through 1.8.14. Due to a missing check when validating DNS responses, remote attackers might be able read the 16 bytes corresponding to an AAAA record from the non-initialized part of the buffer, possibly accessing anything that was left on the stack, or even past the end of the 81

CVE-2018-14645 [HIGH] CVE-2018-14645: haproxy - A flaw was discovered in the HPACK decoder of HAProxy, before 1.8.14, that is us... A flaw was discovered in the HPACK decoder of HAProxy, before 1.8.14, that is used for HTTP/2. An out-of-bounds read access in hpack_valid_idx() resulted in a remote crash and denial of service. Scope: local bookworm: resolved (fixed in 1.8.13-2) bullseye: resolved (fixed in 1.8.13-2) forky: resolved (fixed in 1.8.13-2) sid: resolved (fixed in 1.8.13-2) trixie: reso

CVE-2018-11469 [MEDIUM] CVE-2018-11469: haproxy - Incorrect caching of responses to requests including an Authorization header in ... Incorrect caching of responses to requests including an Authorization header in HAProxy 1.8.0 through 1.8.9 (if cache enabled) allows attackers to achieve information disclosure via an unauthenticated remote request, related to the proto_http.c check_request_for_cacheability function. Scope: local bookworm: resolved (fixed in 1.8.9-2) bullseye: resolved (fixed in

CVE-2016-5360 [HIGH] CVE-2016-5360: haproxy - HAproxy 1.6.x before 1.6.6, when a deny comes from a reqdeny rule, allows remote... HAproxy 1.6.x before 1.6.6, when a deny comes from a reqdeny rule, allows remote attackers to cause a denial of service (uninitialized memory access and crash) or possibly have unspecified other impact via unknown vectors. Scope: local bookworm: resolved (fixed in 1.6.5-2) bullseye: resolved (fixed in 1.6.5-2) forky: resolved (fixed in 1.6.5-2) sid: resolved (fixed in

CVE-2015-3281 [MEDIUM] CVE-2015-3281: haproxy - The buffer_slow_realign function in HAProxy 1.5.x before 1.5.14 and 1.6-dev does... The buffer_slow_realign function in HAProxy 1.5.x before 1.5.14 and 1.6-dev does not properly realign a buffer that is used for pending outgoing data, which allows remote attackers to obtain sensitive information (uninitialized memory contents of previous requests) via a crafted request. Scope: local bookworm: resolved (fixed in 1.5.14-1) bullseye: resolved (fixed i

CVE-2014-6269 [MEDIUM] CVE-2014-6269: haproxy - Multiple integer overflows in the http_request_forward_body function in proto_ht... Multiple integer overflows in the http_request_forward_body function in proto_http.c in HAProxy 1.5-dev23 before 1.5.4 allow remote attackers to cause a denial of service (crash) via a large stream of data, which triggers a buffer overflow and an out-of-bounds read. Scope: local bookworm: resolved (fixed in 1.5.4-1) bullseye: resolved (fixed in 1.5.4-1) forky: resol

CVE-2013-1912 [MEDIUM] CVE-2013-1912: haproxy - Buffer overflow in HAProxy 1.4 through 1.4.22 and 1.5-dev through 1.5-dev17, whe... Buffer overflow in HAProxy 1.4 through 1.4.22 and 1.5-dev through 1.5-dev17, when HTTP keep-alive is enabled, using HTTP keywords in TCP inspection rules, and running with rewrite rules that appends to requests, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted pipelined HTTP requests that prevent request re

CVE-2013-2175 [MEDIUM] CVE-2013-2175: haproxy - HAProxy 1.4 before 1.4.24 and 1.5 before 1.5-dev19, when configured to use hdr_i... HAProxy 1.4 before 1.4.24 and 1.5 before 1.5-dev19, when configured to use hdr_ip or other "hdr_*" functions with a negative occurrence count, allows remote attackers to cause a denial of service (negative array index usage and crash) via an HTTP header with a certain number of values, related to the MAX_HDR_HISTORY variable. Scope: local bookworm: resolved (fixed i

CVE-2012-2942 [MEDIUM] CVE-2012-2942: haproxy - Buffer overflow in the trash buffer in the header capture functionality in HAPro... Buffer overflow in the trash buffer in the header capture functionality in HAProxy before 1.4.21, when global.tune.bufsize is set to a value greater than the default and header rewriting is enabled, allows remote attackers to cause a denial of service and possibly execute arbitrary code via unspecified vectors. Scope: local bookworm: resolved (fixed in 1.4.23-1) bul