PT-2014-1858 · Haproxy+2

Published: 2014-09-24 · Updated: 2024-06-15 · CVE-2014-6269

CVSS v2.0: 5.0 (Medium)

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Name of the Vulnerable Software and Affected Versions: HAProxy versions 1.5-dev23 through 1.5.3; HAProxy version 1.5.2
Description: The issue is caused by multiple integer overflows in the http_request_forward_body function in proto_http.c, which allow remote attackers to cause a denial of service (crash) via a large stream of data. The overflows trigger a buffer overflow and an out-of-bounds read. The vulnerability can be exploited remotely, leading to a disruption in the availability of protected information.
Recommendations: For HAProxy versions 1.5-dev23 through 1.5.3, update to version 1.5.4 or later. For HAProxy version 1.5.2, update to version 1.5.4 or later. As a temporary workaround, consider restricting access to the http_request_forward_body function in proto_http.c to minimize the risk of exploitation.

Tags: Exploit · Fix · DoS


Weakness Enumeration

Related Identifiers

BDU:2015-06997
BDU:2015-06998
BDU:2015-09243
BDU:2015-09244
CESA-2014_1292
CVE-2014-6269
OPENSUSE-SU-2024:10114-1
RHSA-2014:1292
RHSA-2014_1292
SUSE-SU-2015:0660-1

Affected Products

Centos
Haproxy
Red Hat