CVE-2015-3281

Published: 06 July 2015

The buffer_slow_realign function in HAProxy 1.5.x before 1.5.14 and 1.6-dev does not properly realign a buffer that is used for pending outgoing data, which allows remote attackers to obtain sensitive information (uninitialized memory contents of previous requests) via a crafted request.

Priority

Medium

Status

Package: haproxy (Launchpad, Ubuntu, Debian)

Release | Status
Upstream | Released (1.5.14-1)
Ubuntu 14.04 ESM (Trusty Tahr) | Does not exist (trusty was not-affected [1.4.24-2])

Patches:
Upstream: http://git.haproxy.org/?p=haproxy-1.5.git;a=commit;h=7ec765568883b2d4e5a2796adbeb492a22ec9bd4