PT-2015-1626 · Haproxy+3 · Haproxy+3

Charlie Smurthwaite

Publicado

2015-07-05

Atualizado

2024-06-15

CVE-2015-3281

CVSS v2.0

5.0

Média

Vetor

AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions HAProxy versions 1.5.x through 1.5.13 HAProxy version 1.6-dev

Description The issue is related to the buffer slow realign function, which does not properly realign a buffer used for pending outgoing data. This allows remote attackers to obtain sensitive information, specifically uninitialized memory contents of previous requests, via a crafted request.

Recommendations For HAProxy versions 1.5.x through 1.5.13, update to version 1.5.14 or later. For HAProxy version 1.6-dev, consider disabling the buffer slow realign function until a patch is available. As a temporary workaround, restrict access to sensitive information to minimize the risk of exploitation.

Correção

Buffer Overflow

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-119

Identificadores relacionados

BDU:2015-10969

CESA-2015_1741

CVE-2015-3281

DSA-3301-1

OPENSUSE-SU-2015_1831-1

OPENSUSE-SU-2024:10114-1

RHSA-2015:1741

RHSA-2015:2666

RHSA-2015_1741

SUSE-SU-2015:1663-1

SUSE-SU-2015:1776-1

SUSE-SU-2015_1663-1

USN-2668-1

Produtos afetados

Centos

Haproxy

Red Hat

Suse

PT-2015-1626 · Haproxy+3 · Haproxy+3

CVE-2015-3281

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 61