CVE-2013-2175
Published: 19 June 2013
HAProxy 1.4 before 1.4.24 and 1.5 before 1.5-dev19, when configured to use hdr_ip or other "hdr_*" functions with a negative occurrence count, allows remote attackers to cause a denial of service (negative array index usage and crash) via an HTTP header with a certain number of values, related to the MAX_HDR_HISTORY variable.
Priority
Status
Package | Release | Status |
---|---|---|
haproxy Launchpad, Ubuntu, Debian |
lucid |
Ignored
(end of life)
|
precise |
Released
(1.4.18-0ubuntu1.2)
|
|
quantal |
Released
(1.4.18-0ubuntu2.2)
|
|
raring |
Released
(1.4.18-0ubuntu3.1)
|
|
upstream |
Released
(1.4.24-1)
|
|
Patches: vendor: http://www.debian.org/security/2013/dsa-2711 upstream: https://github.com/yuxans/haproxy/commit/67dad2715ba73376995294d188ffb4242ce7fb0a |