haproxy 関連製品全体の CVE とセキュリティ脆弱性情報を集約し、CVSS、EPSS、公開日、脆弱性情報データを掲載しています。
過去の問題は主に バッファオーバーフロー and パス処理の欠陥 などに関し、一部は vendor impact unexpected behavior を招き、vendor surface software deployment and vendor surface production workloads 関連の場面に影響します。
掲載データは公開脆弱性情報とセキュリティ公告に基づき、過去の暴露面と修補優先度の評価に利用できます。
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2018-20103 | An issue was discovered in dns.c in HAProxy through 1.8.14. In the case of a compressed pointer, a crafted packet can trigger infinite recursion by making the pointer point to itself, or create a long chain of valid pointers resulting in stack exhaustion. | [email protected] | 7.5 | 6.59% | 2018-12-12 | 2024-11-21 |
| CVE-2018-20102 | An out-of-bounds read in dns_validate_dns_response in dns.c was discovered in HAProxy through 1.8.14. Due to a missing check when validating DNS responses, remote attackers might be able read the 16 bytes corresponding to an AAAA record from the non-initialized part of the buffer, possibly accessing anything that was left on the stack, or even past the end of the 8193-byte buffer, depending on the value of accepted_payload_size. | [email protected] | 7.5 | 4.35% | 2018-12-12 | 2024-11-21 |
| CVE-2018-14645 | A flaw was discovered in the HPACK decoder of HAProxy, before 1.8.14, that is used for HTTP/2. An out-of-bounds read access in hpack_valid_idx() resulted in a remote crash and denial of service. | [email protected] | 7.5 | 2.98% | 2018-09-21 | 2024-11-21 |
| CVE-2018-11469 | Incorrect caching of responses to requests including an Authorization header in HAProxy 1.8.0 through 1.8.9 (if cache enabled) allows attackers to achieve information disclosure via an unauthenticated remote request, related to the proto_http.c check_request_for_cacheability function. | [email protected] | 5.9 | 3.06% | 2018-05-25 | 2024-11-21 |
| CVE-2018-10184 | An issue was discovered in HAProxy before 1.8.8. The incoming H2 frame length was checked against the max_frame_size setting instead of being checked against the bufsize. The max_frame_size only applies to outgoing traffic and not to incoming, so if a large enough frame size is advertised in the SETTINGS frame, a wrapped frame will be defragmented into a temporary allocated buffer where the second fragment may overflow the heap by up to 16 kB. It is very unlikely that this can be exploited for c | [email protected] | 7.5 | 8.43% | 2018-05-09 | 2024-11-21 |
| CVE-2016-2102 | HAProxy statistics in openstack-tripleo-image-elements are non-authenticated over the network. | [email protected] | 5.3 | 2.01% | 2017-08-22 | 2026-05-13 |
| CVE-2016-5360 | HAproxy 1.6.x before 1.6.6, when a deny comes from a reqdeny rule, allows remote attackers to cause a denial of service (uninitialized memory access and crash) or possibly have unspecified other impact via unknown vectors. | [email protected] | 7.5 | 42.19% | 2016-06-30 | 2026-05-06 |
| CVE-2015-3281 | The buffer_slow_realign function in HAProxy 1.5.x before 1.5.14 and 1.6-dev does not properly realign a buffer that is used for pending outgoing data, which allows remote attackers to obtain sensitive information (uninitialized memory contents of previous requests) via a crafted request. | [email protected] | 5.0 | 4.24% | 2015-07-06 | 2026-05-06 |
| CVE-2014-6269 | Multiple integer overflows in the http_request_forward_body function in proto_http.c in HAProxy 1.5-dev23 before 1.5.4 allow remote attackers to cause a denial of service (crash) via a large stream of data, which triggers a buffer overflow and an out-of-bounds read. | [email protected] | 5.0 | 3.81% | 2014-09-30 | 2026-05-06 |
| CVE-2013-2175 | HAProxy 1.4 before 1.4.24 and 1.5 before 1.5-dev19, when configured to use hdr_ip or other "hdr_*" functions with a negative occurrence count, allows remote attackers to cause a denial of service (negative array index usage and crash) via an HTTP header with a certain number of values, related to the MAX_HDR_HISTORY variable. | [email protected] | 5.0 | 3.49% | 2013-08-19 | 2026-04-29 |
| CVE-2013-1912 | Buffer overflow in HAProxy 1.4 through 1.4.22 and 1.5-dev through 1.5-dev17, when HTTP keep-alive is enabled, using HTTP keywords in TCP inspection rules, and running with rewrite rules that appends to requests, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted pipelined HTTP requests that prevent request realignment from occurring. | [email protected] | 5.1 | 5.42% | 2013-04-10 | 2026-04-29 |
| CVE-2012-2942 | Buffer overflow in the trash buffer in the header capture functionality in HAProxy before 1.4.21, when global.tune.bufsize is set to a value greater than the default and header rewriting is enabled, allows remote attackers to cause a denial of service and possibly execute arbitrary code via unspecified vectors. | [email protected] | 5.1 | 5.41% | 2012-05-27 | 2026-04-29 |