CVE-2013-1912

Publication date 10 April 2013

Last updated 24 July 2024


Ubuntu priority

Buffer overflow in HAProxy 1.4 through 1.4.22 and 1.5-dev through 1.5-dev17, when HTTP keep-alive is enabled, using HTTP keywords in TCP inspection rules, and running with rewrite rules that appends to requests, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted pipelined HTTP requests that prevent request realignment from occurring.

Status

Package Ubuntu Release Status
haproxy 13.04 raring
Fixed 1.4.18-0ubuntu3
12.10 quantal
Fixed 1.4.18-0ubuntu2.1
12.04 LTS precise
Fixed 1.4.18-0ubuntu1.1
11.10 oneiric
Fixed 1.4.15-1ubuntu0.1
10.04 LTS lucid Ignored end of life
8.04 LTS hardy Ignored end of life

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package Patch details
haproxy

References

Related Ubuntu Security Notices (USN)

    • USN-1800-1
    • HAProxy vulnerabilities
    • 15 April 2013

Other references