CVE Vulnerabilities

CVE-2014-6269

Published: Sep 30, 2014 | Modified: Nov 07, 2023
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
5 MEDIUM
AV:N/AC:L/Au:N/C:N/I:N/A:P
RedHat/V2
RedHat/V3
Ubuntu

Multiple integer overflows in the http_request_forward_body function in proto_http.c in HAProxy 1.5-dev23 before 1.5.4 allow remote attackers to cause a denial of service (crash) via a large stream of data, which triggers a buffer overflow and an out-of-bounds read.

Affected Software

Name Vendor Start Version End Version
Haproxy Haproxy 1.5-dev23 (including) 1.5-dev23 (including)
Haproxy Haproxy 1.5-dev24 (including) 1.5-dev24 (including)
Haproxy Haproxy 1.5-dev25 (including) 1.5-dev25 (including)
Haproxy Haproxy 1.5-dev26 (including) 1.5-dev26 (including)
Haproxy Haproxy 1.5.0 (including) 1.5.0 (including)
Haproxy Haproxy 1.5.1 (including) 1.5.1 (including)
Haproxy Haproxy 1.5.2 (including) 1.5.2 (including)
Haproxy Haproxy 1.5.3 (including) 1.5.3 (including)

References