CVSS: 9.8EPSS: 0%CPEs: 5EXPL: 0CVE-2013-1912 – haproxy: rewrite rules flaw can lead to arbitrary code execution
https://notcve.org/view.php?id=CVE-2013-1912
10 Apr 2013 — Buffer overflow in HAProxy 1.4 through 1.4.22 and 1.5-dev through 1.5-dev17, when HTTP keep-alive is enabled, using HTTP keywords in TCP inspection rules, and running with rewrite rules that appends to requests, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted pipelined HTTP requests that prevent request realignment from occurring. Desbordamiento de búfer en HAProxy v1.4 y v1.5 mediante v1.5-dev17 través de 1.5-dev17 al mantenimiento de conexión es... • http://lists.fedoraproject.org/pipermail/package-announce/2013-April/103730.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2012-2942 – Debian Security Advisory 2711-1
https://notcve.org/view.php?id=CVE-2012-2942
27 May 2012 — Buffer overflow in the trash buffer in the header capture functionality in HAProxy before 1.4.21, when global.tune.bufsize is set to a value greater than the default and header rewriting is enabled, allows remote attackers to cause a denial of service and possibly execute arbitrary code via unspecified vectors. Desbordamiento de búfer en el trash buffer en la funcionalidad de captura de cabecera en HAProxy antes v1.4.21, cuando global.tune.bufsize se establece en un valor mayor que el valor predeterminado y... • http://haproxy.1wt.eu/#news • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •