CVE-2014-6269
haproxy: remote client denial of service vulnerability
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
Multiple integer overflows in the http_request_forward_body function in proto_http.c in HAProxy 1.5-dev23 before 1.5.4 allow remote attackers to cause a denial of service (crash) via a large stream of data, which triggers a buffer overflow and an out-of-bounds read.
Múltiples desbordamientos de enteros en la función http_request_forward_body en proto_http.c en HAProxy 1.5-dev23 anterior a 1.5.4 permiten a atacantes remotos causar una denegación de servicio (caída) a través de un flujo grande de datos, lo que provoca un desbordamiento de buffer y una lectura fuera de rango.
A buffer overflow flaw was discovered in the way HAProxy handled, under very specific conditions, data uploaded from a client. A remote attacker could possibly use this flaw to crash HAProxy.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2014-09-09 CVE Reserved
- 2014-09-24 CVE Published
- 2024-05-12 EPSS Updated
- 2024-08-06 CVE Updated
- 2024-08-06 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-189: Numeric Errors
- CWE-400: Uncontrolled Resource Consumption
CAPEC
References (9)
| URL | Tag | Source |
|---|---|---|
| http://article.gmane.org/gmane.comp.web.haproxy/18097 | Mailing List | |
| http://git.haproxy.org/?p=haproxy-1.5.git%3Ba=commitdiff%3Bh=b4d05093bc89f71377230228007e69a1434c1a0c | X_refsource_confirm | |
| http://secunia.com/advisories/59936 | Third Party Advisory | |
| http://secunia.com/advisories/61507 | Third Party Advisory | |
| http://www.openwall.com/lists/oss-security/2014/09/09/23 | Mailing List |
|
| URL | Date | SRC |
|---|---|---|
| http://article.gmane.org/gmane.comp.web.haproxy/17726 | 2024-08-06 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://rhn.redhat.com/errata/RHSA-2014-1292.html | 2023-11-07 | |
| https://access.redhat.com/security/cve/CVE-2014-6269 | 2014-09-24 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1136552 | 2014-09-24 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Haproxy Search vendor "Haproxy" | Haproxy Search vendor "Haproxy" for product "Haproxy" | 1.5 Search vendor "Haproxy" for product "Haproxy" and version "1.5" | dev23 |
Affected
| ||||||
| Haproxy Search vendor "Haproxy" | Haproxy Search vendor "Haproxy" for product "Haproxy" | 1.5 Search vendor "Haproxy" for product "Haproxy" and version "1.5" | dev24 |
Affected
| ||||||
| Haproxy Search vendor "Haproxy" | Haproxy Search vendor "Haproxy" for product "Haproxy" | 1.5 Search vendor "Haproxy" for product "Haproxy" and version "1.5" | dev25 |
Affected
| ||||||
| Haproxy Search vendor "Haproxy" | Haproxy Search vendor "Haproxy" for product "Haproxy" | 1.5 Search vendor "Haproxy" for product "Haproxy" and version "1.5" | dev26 |
Affected
| ||||||
| Haproxy Search vendor "Haproxy" | Haproxy Search vendor "Haproxy" for product "Haproxy" | 1.5.0 Search vendor "Haproxy" for product "Haproxy" and version "1.5.0" | - |
Affected
| ||||||
| Haproxy Search vendor "Haproxy" | Haproxy Search vendor "Haproxy" for product "Haproxy" | 1.5.1 Search vendor "Haproxy" for product "Haproxy" and version "1.5.1" | - |
Affected
| ||||||
| Haproxy Search vendor "Haproxy" | Haproxy Search vendor "Haproxy" for product "Haproxy" | 1.5.2 Search vendor "Haproxy" for product "Haproxy" and version "1.5.2" | - |
Affected
| ||||||
| Haproxy Search vendor "Haproxy" | Haproxy Search vendor "Haproxy" for product "Haproxy" | 1.5.3 Search vendor "Haproxy" for product "Haproxy" and version "1.5.3" | - |
Affected
| ||||||