haproxy

Description: Reliable, high performance TCP/HTTP load balancer
Version: 2.5.7-1 [community]

Resolved

| Group | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|
| AVG-2343 | 2.4.3-2 | 2.4.4-1 | Medium | Fixed | |
| AVG-2304 | 2.4.2-1 | 2.4.3-1 | Medium | Fixed | |
| AVG-1124 | 2.1.3-1 | 2.1.4-1 | Critical | Fixed | |
| AVG-836 | 1.8.14-1 | 1.9.0-1 | Medium | Fixed | |

| Issue | Group | Severity | Remote | Type | Description |
|---|---|---|---|---|---|
| CVE-2021-40346 | AVG-2343 | Medium | Yes | Insufficient validation | A bug has been found in the HTTP header name length encoding in the HTX representation of haproxy, by which the most significant bit of the name's length... |
| CVE-2021-39242 | AVG-2304 | Medium | Yes | Insufficient validation | An issue was discovered in HAProxy before 2.4.3. It can lead to a situation with an attacker-controlled HTTP Host header, because a mismatch between Host... |
| CVE-2021-39241 | AVG-2304 | Medium | Yes | Insufficient validation | An issue was discovered in HAProxy before 2.4.3. An HTTP method name may contain a space followed by the name of a protected resource. It is possible that a... |
| CVE-2021-39240 | AVG-2304 | Medium | Yes | Insufficient validation | An issue was discovered in HAProxy before 2.4.3. It does not ensure that the scheme and path portions of a URI have the expected characters. For example,... |
| CVE-2020-11100 | AVG-1124 | Critical | Yes | Arbitrary code execution | An out-of-bounds memory write has been found in HAProxy before 2.1.4, in the HPACK table management code. |
| CVE-2018-20103 | AVG-836 | Medium | Yes | Denial of service | A stack-exhaustion issue has been found in HAProxy before 1.8.15, in the dns_read_name() function in dns.c, where an infinite recursion can be triggered via... |
| CVE-2018-20102 | AVG-836 | Low | Yes | Denial of service | A stack-based out-of-bounds read has been found in HAProxy before 1.8.15, in the dns_validate_dns_response() function in dns.c, where it can be triggered by... |

Advisories

| Date | Advisory | Group | Severity | Type |
|---|---|---|---|---|
| 08 Apr 2020 | ASA-202004-7 | AVG-1124 | Critical | arbitrary code execution |
| 24 Jan 2019 | ASA-201901-15 | AVG-836 | Medium | denial of service |