CVE-2015-3281

EPSS 0.09%

haproxy - security update

Published: 7/6/2015Modified: 4/28/2026

Also known as:DEBIAN-CVE-2015-3281

Description

The buffer_slow_realign function in HAProxy 1.5.x before 1.5.14 and 1.6-dev does not properly realign a buffer that is used for pending outgoing data, which allows remote attackers to obtain sensitive information (uninitialized memory contents of previous requests) via a crafted request.

Affected packages (2)

Debian/haproxyfrom 0, < 1.5.14-1
Debian/haproxyfrom 0, < 1.5.8-3+deb8u1

References (1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2015-3281