PT-2014-1858 · Haproxy+2

Published 2014-09-24 · Updated 2024-06-15 · CVE-2014-6269

CVSS v2.0: 5.0 (Medium)

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions

HAProxy versions 1.5-dev23 through 1.5.3
HAProxy version 1.5.2

Description

The issue is caused by multiple integer overflows in the http_request_forward_body function in proto_http.c, which allow remote attackers to cause a denial of service (crash) via a large stream of data. This triggers a buffer overflow and an out-of-bounds read. The vulnerability can be exploited remotely, leading to a disruption in the availability of protected information.

Recommendations

For HAProxy versions 1.5-dev23 through 1.5.3, update to version 1.5.4 or later.
For HAProxy version 1.5.2, update to version 1.5.4 or later.
As a temporary workaround, consider restricting access to the http_request_forward_body function in proto_http.c to minimize the risk of exploitation.

Exploit

Fix

DoS


Weakness Enumeration

Related identifiers

BDU:2015-06997
BDU:2015-06998
BDU:2015-09243
BDU:2015-09244
CESA-2014_1292
CVE-2014-6269
OPENSUSE-SU-2024:10114-1
RHSA-2014:1292
RHSA-2014_1292
SUSE-SU-2015:0660-1

Affected products

CentOS
HAProxy
Red Hat