CVE-2021-40346 | AVG-2343 | Medium | Yes | Insufficient validation | A bug has been found in the HTTP header name length encoding in the HTX representation of haproxy, by which the most significant bit of the name's length...
CVE-2021-39242 | AVG-2304 | Medium | Yes | Insufficient validation | An issue was discovered in HAProxy before 2.4.3. It can lead to a situation with an attacker-controlled HTTP Host header, because a mismatch between Host...
CVE-2021-39241 | AVG-2304 | Medium | Yes | Insufficient validation | An issue was discovered in HAProxy before 2.4.3. An HTTP method name may contain a space followed by the name of a protected resource. It is possible that a...
CVE-2021-39240 | AVG-2304 | Medium | Yes | Insufficient validation | An issue was discovered in HAProxy before 2.4.3. It does not ensure that the scheme and path portions of a URI have the expected characters. For example,...
CVE-2020-11100 | AVG-1124 | Critical | Yes | Arbitrary code execution | An out-of-bounds memory write has been found in HAProxy before 2.1.4, in the HPACK table management code.
CVE-2018-20103 | AVG-836 | Medium | Yes | Denial of service | A stack-exhaustion issue has been found in HAProxy before 1.8.15, in the dns_read_name() function in dns.c, where an infinite recursion can be triggered via...
CVE-2018-20102 | AVG-836 | Low | Yes | Denial of service | A stack-based out-of-bounds read has been found in HAProxy before 1.8.15, in the dns_validate_dns_response() function in dns.c, where it can be triggered by...