CVE-2015-3281
Description
The buffer_slow_realign function in HAProxy 1.5.x before 1.5.14 and 1.6-dev does not properly realign a buffer that is used for pending outgoing data, which allows remote attackers to obtain sensitive information (uninitialized memory contents of previous requests) via a crafted request.
Risk Information
Base Score
9.1
MODERATE
Vector
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
EPSS Score
Exploitation Probability
0.094
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| fast and reliable load balancing reverse proxy (USN-2668-1) haproxy_1.5.10-1ubuntu0.1_i386.deb | Linux |
| fast and reliable load balancing reverse proxy (USN-2668-1) haproxy_1.5.10-1ubuntu0.1_amd64.deb | Linux |
| (RHSA-2015:1741) Important: haproxy security update haproxy-1.5.4-4.el7_1.1.x86_64.rpm | Linux |
| (RHSA-2015:1741)Important: security update haproxy-debuginfo-1.5.4-4.el7_1.1.x86_64.rpm | Linux |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234