// For flags

CVE-2014-6269

haproxy: remote client denial of service vulnerability

Severity Score

5.0
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

1
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Multiple integer overflows in the http_request_forward_body function in proto_http.c in HAProxy 1.5-dev23 before 1.5.4 allow remote attackers to cause a denial of service (crash) via a large stream of data, which triggers a buffer overflow and an out-of-bounds read.

Múltiples desbordamientos de enteros en la función http_request_forward_body en proto_http.c en HAProxy 1.5-dev23 anterior a 1.5.4 permiten a atacantes remotos causar una denegación de servicio (caída) a través de un flujo grande de datos, lo que provoca un desbordamiento de buffer y una lectura fuera de rango.

A buffer overflow flaw was discovered in the way HAProxy handled, under very specific conditions, data uploaded from a client. A remote attacker could possibly use this flaw to crash HAProxy.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
None
Integrity
None
Availability
Partial
Attack Vector
Network
Attack Complexity
Medium
Authentication
None
Confidentiality
None
Integrity
None
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2014-09-09 CVE Reserved
  • 2014-09-24 CVE Published
  • 2024-05-12 EPSS Updated
  • 2024-08-06 CVE Updated
  • 2024-08-06 First Exploit
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-189: Numeric Errors
  • CWE-400: Uncontrolled Resource Consumption
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Haproxy
Search vendor "Haproxy"
Haproxy
Search vendor "Haproxy" for product "Haproxy"
1.5
Search vendor "Haproxy" for product "Haproxy" and version "1.5"
dev23
Affected
Haproxy
Search vendor "Haproxy"
Haproxy
Search vendor "Haproxy" for product "Haproxy"
1.5
Search vendor "Haproxy" for product "Haproxy" and version "1.5"
dev24
Affected
Haproxy
Search vendor "Haproxy"
Haproxy
Search vendor "Haproxy" for product "Haproxy"
1.5
Search vendor "Haproxy" for product "Haproxy" and version "1.5"
dev25
Affected
Haproxy
Search vendor "Haproxy"
Haproxy
Search vendor "Haproxy" for product "Haproxy"
1.5
Search vendor "Haproxy" for product "Haproxy" and version "1.5"
dev26
Affected
Haproxy
Search vendor "Haproxy"
Haproxy
Search vendor "Haproxy" for product "Haproxy"
1.5.0
Search vendor "Haproxy" for product "Haproxy" and version "1.5.0"
-
Affected
Haproxy
Search vendor "Haproxy"
Haproxy
Search vendor "Haproxy" for product "Haproxy"
1.5.1
Search vendor "Haproxy" for product "Haproxy" and version "1.5.1"
-
Affected
Haproxy
Search vendor "Haproxy"
Haproxy
Search vendor "Haproxy" for product "Haproxy"
1.5.2
Search vendor "Haproxy" for product "Haproxy" and version "1.5.2"
-
Affected
Haproxy
Search vendor "Haproxy"
Haproxy
Search vendor "Haproxy" for product "Haproxy"
1.5.3
Search vendor "Haproxy" for product "Haproxy" and version "1.5.3"
-
Affected