Known Vulnerabilities for products from Haproxy
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Haproxy".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs; each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2021-40346 | An integer overflow exists in HAProxy 2.0 through 2.5 in htx_add_header that can be exploited to perform an HTTP request smug... | 7.5 - HIGH | 2021-09-08 | 2023-11-07 |
| CVE-2021-39242 | An issue was discovered in HAProxy 2.2 before 2.2.16, 2.3 before 2.3.13, and 2.4 before 2.4.3. It can lead to a situation wit... | 7.5 - HIGH | 2021-08-17 | 2023-11-07 |
| CVE-2021-39241 | An issue was discovered in HAProxy 2.0 before 2.0.24, 2.2 before 2.2.16, 2.3 before 2.3.13, and 2.4 before 2.4.3. An HTTP met... | 5.3 - MEDIUM | 2021-08-17 | 2023-11-07 |
| CVE-2021-39240 | An issue was discovered in HAProxy 2.2 before 2.2.16, 2.3 before 2.3.13, and 2.4 before 2.4.3. It does not ensure that the sc... | 7.5 - HIGH | 2021-08-17 | 2023-11-07 |
| CVE-2020-11100 | In hpack_dht_insert in hpack-tbl.c in the HPACK decoder in HAProxy 1.8 through 2.x before 2.1.4, a remote attacker can write ... | 8.8 - HIGH | 2020-04-02 | 2023-11-07 |
| CVE-2019-19330 | The HTTP/2 implementation in HAProxy before 2.0.10 mishandles headers, as demonstrated by carriage return (CR, ASCII 0xd), li... | 9.8 - CRITICAL | 2019-11-27 | 2023-11-07 |
| CVE-2019-18277 | A flaw was found in HAProxy before 2.0.6. In legacy mode, messages featuring a transfer-encoding header missing the "chunked"... | 7.5 - HIGH | 2019-10-23 | 2023-11-07 |
| CVE-2019-14243 | headerv2.go in mastercactapus proxyprotocol before 0.0.2, as used in the mastercactapus caddy-proxyprotocol plugin through 0.... | 7.5 - HIGH | 2019-07-23 | 2019-12-16 |
| CVE-2019-14241 | HAProxy through 2.0.2 allows attackers to cause a denial of service (ha_panic) via vectors related to htx_manage_client_side_... | 7.5 - HIGH | 2019-07-23 | 2020-08-24 |
| CVE-2019-11323 | HAProxy before 1.9.7 mishandles a reload with rotated keys, which triggers use of uninitialized, and very predictable, HMAC k... | 5.9 - MEDIUM | 2019-05-09 | 2023-11-07 |
| CVE-2018-20615 | An out-of-bounds read issue was discovered in the HTTP/2 protocol decoder in HAProxy 1.8.x and 1.9.x through 1.9.0 which can ... | 7.5 - HIGH | 2019-03-21 | 2023-11-07 |
| CVE-2018-20103 | An issue was discovered in dns.c in HAProxy through 1.8.14. In the case of a compressed pointer, a crafted packet can trigger... | 7.5 - HIGH | 2018-12-12 | 2023-11-07 |
| CVE-2018-20102 | An out-of-bounds read in dns_validate_dns_response in dns.c was discovered in HAProxy through 1.8.14. Due to a missing check ... | 7.5 - HIGH | 2018-12-12 | 2023-11-07 |
| CVE-2018-14645 | A flaw was discovered in the HPACK decoder of HAProxy, before 1.8.14, that is used for HTTP/2. An out-of-bounds read access i... | 7.5 - HIGH | 2018-09-21 | 2023-11-07 |
| CVE-2018-11469 | Incorrect caching of responses to requests including an Authorization header in HAProxy 1.8.0 through 1.8.9 (if cache enabled... | 5.9 - MEDIUM | 2018-05-25 | 2023-11-07 |
| CVE-2018-10184 | An issue was discovered in HAProxy before 1.8.8. The incoming H2 frame length was checked against the max_frame_size setting ... | 7.5 - HIGH | 2018-05-09 | 2023-11-07 |
| CVE-2016-5360 | HAproxy 1.6.x before 1.6.6, when a deny comes from a reqdeny rule, allows remote attackers to cause a denial of service (unin... | 7.5 - HIGH | 2016-06-30 | 2023-11-07 |
| CVE-2016-2102 | HAProxy statistics in openstack-tripleo-image-elements are non-authenticated over the network. | 5.3 - MEDIUM | 2017-08-22 | 2017-08-29 |
| CVE-2015-3281 | The buffer_slow_realign function in HAProxy 1.5.x before 1.5.14 and 1.6-dev does not properly realign a buffer that is used f... | 5 - MEDIUM | 2015-07-06 | 2023-02-13 |
| CVE-2014-6269 | Multiple integer overflows in the http_request_forward_body function in proto_http.c in HAProxy 1.5-dev23 before 1.5.4 allow ... | 5 - MEDIUM | 2014-09-30 | 2023-11-07 |
Known software with vulnerabilities from Haproxy
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Haproxy | Haproxy | - |
| Application | Haproxy | Proxyprotocol | - |