Msrc Cbl2 Haproxy 2.4.24-1 On Cbl Mariner 2.0 vulnerabilities

5 known vulnerabilities affecting msrc/cbl2_haproxy_2.4.24-1_on_cbl_mariner_2.0.

Total CVEs: 5
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 3, MEDIUM 2

Vulnerabilities

CVE-2025-11230 | HIGH | CVSS 7.5 | 2025-11-11
CVE-2025-11230 [HIGH] CWE-407 Denial of service vulnerability in HAProxy mjson library. Mariner: Mariner. canonical: canonical. Customer Action Required: Yes. Remediation: CBL-Mariner Releases. Reference: https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
msrc
CVE-2025-32464 | MEDIUM | CVSS 6.8 | 2025-04-08
CVE-2025-32464 [MEDIUM] CWE-1025 HAProxy 2.2 through 3.1.6, in certain uncommon configurations, has a sample_conv_regsub heap-based buffer overflow because of mishandling of the replacement of multiple short patterns with a longer one. FAQ: Is Azure Linux the only Microsoft product that includes t
msrc
CVE-2024-49214 | MEDIUM | CVSS 5.3 | 2024-10-08
CVE-2024-49214 [MEDIUM] QUIC in HAProxy 3.1.x before 3.1-dev7, 3.0.x before 3.0.5, and 2.9.x before 2.9.11 allows opening a 0-RTT session with a spoofed IP address. This can bypass the IP allow/block list functionality. FAQ: Is Azure Linux the only Microsoft product that includes this open-source libra
msrc
CVE-2023-45539 | HIGH | CVSS 8.2 | 2023-11-14
CVE-2023-45539 [HIGH] HAProxy before 2.8.2 accepts # as part of the URI component, which might allow remote attackers to obtain sensitive information or have unspecified other impact upon misinterpretation of a path_end rule, such as routing index.html#.png to a static server. FAQ: Is Azure Linux
msrc
CVE-2023-40225 | HIGH | CVSS 7.2 | 2023-08-08
CVE-2023-40225 [HIGH] CWE-444 HAProxy through 2.0.32, 2.1.x and 2.2.x through 2.2.30, 2.3.x and 2.4.x through 2.4.23, 2.5.x and 2.6.x before 2.6.15, 2.7.x before 2.7.10, and 2.8.x before 2.8.2 forwards empty Content-Length headers, violating RFC 9110 section 8.6. In uncommon cases an HTTP/1 server behind
msrc