Information on source package haproxy

Available versions

ReleaseVersion
jessie1.5.8-3+deb8u4
stretch1.7.5-2+deb9u2
stretch (security)1.7.5-2+deb9u1
buster1.8.19-1+deb10u5
bullseye2.2.9-2+deb11u6
bookworm2.6.12-1+deb12u1
trixie3.0.7-1
sid3.0.7-1

Open issues

BugjessiestretchbusterbullseyebookwormtrixiesidDescription
CVE-2024-53008vulnerablevulnerablevulnerablevulnerablevulnerablefixedfixedInconsistent interpretation of HTTP requests ('HTTP Request/Response S ...
CVE-2024-49214fixedfixedfixedvulnerablevulnerable (no DSA, ignored)fixedfixedQUIC in HAProxy 3.1.x before 3.1-dev7, 3.0.x before 3.0.5, and 2.9.x b ...

Resolved issues

BugDescription
TEMP-0000000-B9CD89BUG/MAJOR: http: prevent risk of reading past end with balance url_param
TEMP-0000000-1F321DBUG/MAJOR: http: don't read past buffer's end in http_replace_value
CVE-2024-45506HAProxy 2.9.x before 2.9.10, 3.0.x before 3.0.4, and 3.1.x through 3.1 ...
CVE-2023-45539HAProxy before 2.8.2 accepts # as part of the URI component, which mig ...
CVE-2023-44487The HTTP/2 protocol allows a denial of service (server resource consum ...
CVE-2023-40225HAProxy through 2.0.32, 2.1.x and 2.2.x through 2.2.30, 2.3.x and 2.4. ...
CVE-2023-25950HTTP request/response smuggling vulnerability in HAProxy version 2.7.0 ...
CVE-2023-25725HAProxy before 2.7.3 may allow a bypass of access control because HTTP ...
CVE-2023-0836An information leak vulnerability was discovered in HAProxy 2.1, 2.2 b ...
CVE-2023-0056An uncontrolled resource consumption vulnerability was discovered in H ...
CVE-2022-0711A flaw was found in the way HAProxy processed HTTP responses containin ...
CVE-2021-40346An integer overflow exists in HAProxy 2.0 through 2.5 in htx_add_heade ...
CVE-2021-39242An issue was discovered in HAProxy 2.2 before 2.2.16, 2.3 before 2.3.1 ...
CVE-2021-39241An issue was discovered in HAProxy 2.0 before 2.0.24, 2.2 before 2.2.1 ...
CVE-2021-39240An issue was discovered in HAProxy 2.2 before 2.2.16, 2.3 before 2.3.1 ...
CVE-2020-11100In hpack_dht_insert in hpack-tbl.c in the HPACK decoder in HAProxy 1.8 ...
CVE-2019-19330The HTTP/2 implementation in HAProxy before 2.0.10 mishandles headers, ...
CVE-2019-18277A flaw was found in HAProxy before 2.0.6. In legacy mode, messages fea ...
CVE-2019-14241HAProxy through 2.0.2 allows attackers to cause a denial of service (h ...
CVE-2019-11323HAProxy before 1.9.7 mishandles a reload with rotated keys, which trig ...
CVE-2018-20615An out-of-bounds read issue was discovered in the HTTP/2 protocol deco ...
CVE-2018-20103An issue was discovered in dns.c in HAProxy through 1.8.14. In the cas ...
CVE-2018-20102An out-of-bounds read in dns_validate_dns_response in dns.c was discov ...
CVE-2018-14645A flaw was discovered in the HPACK decoder of HAProxy, before 1.8.14, ...
CVE-2018-11469Incorrect caching of responses to requests including an Authorization ...
CVE-2018-10184An issue was discovered in HAProxy before 1.8.8. The incoming H2 frame ...
CVE-2016-5360HAproxy 1.6.x before 1.6.6, when a deny comes from a reqdeny rule, all ...
CVE-2015-3281The buffer_slow_realign function in HAProxy 1.5.x before 1.5.14 and 1. ...
CVE-2014-6269Multiple integer overflows in the http_request_forward_body function i ...
CVE-2013-2175HAProxy 1.4 before 1.4.24 and 1.5 before 1.5-dev19, when configured to ...
CVE-2013-1912Buffer overflow in HAProxy 1.4 through 1.4.22 and 1.5-dev through 1.5- ...
CVE-2012-2942Buffer overflow in the trash buffer in the header capture functionalit ...

Security announcements

DSA / DLADescription
DSA-5590-1haproxy - security update
ELA-1024-1haproxy - security update
DLA-3688-1haproxy - security update
DSA-5388-1haproxy - security update
DSA-5348-1haproxy - security update
DLA-3318-1haproxy - security update
ELA-626-1haproxy - security update
DLA-3034-1haproxy - security update
DSA-5102-1haproxy - security update
DSA-4968-1haproxy - security update
DSA-4960-1haproxy - security update
DSA-4649-1haproxy - security update
DSA-4577-1haproxy - security update
DSA-3301-1haproxy - security update
DSA-2711-1haproxy - several

Search for package or bug name: Reporting problems