Total vulnerabilities in the database
Buffer overflow in HAProxy 1.4 through 1.4.22 and 1.5-dev through 1.5-dev17, when HTTP keep-alive is enabled, using HTTP keywords in TCP inspection rules, and running with rewrite rules that appends to requests, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted pipelined HTTP requests that prevent request realignment from occurring.
| Software | From | Fixed in |
|---|---|---|
| haproxy / haproxy | 1.5-dev | 1.5-dev.x |
| haproxy / haproxy | 1.4 | 1.4.x |
| haproxy / haproxy | 1.4.20 | 1.4.20.x |
| haproxy / haproxy | 1.5-dev17 | 1.5-dev17.x |
| haproxy / haproxy | 1.4.22 | 1.4.22.x |