Skip to main content

Haproxy CVE-2014-6269

MEDIUM
Numeric Errors (CWE-189)
2014-09-30 cve@mitre.org
5.0
CVSS 2.0 · NVD
Share

Severity by source

NVD PRIMARY
5.0 MEDIUM
AV:N/AC:L/Au:N/C:N/I:N/A:P

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

AV:N/AC:L/Au:N/C:N/I:N/A:P
Attack Vector
Network
Attack Complexity
Low
Confidentiality
None
Integrity
None
Availability
P

Lifecycle Timeline

1
CVE Published
Sep 30, 2014 - 14:55 cve.org
MEDIUM 5.0

DescriptionCVE.org

Multiple integer overflows in the http_request_forward_body function in proto_http.c in HAProxy 1.5-dev23 before 1.5.4 allow remote attackers to cause a denial of service (crash) via a large stream of data, which triggers a buffer overflow and an out-of-bounds read.

AnalysisAI

Multiple integer overflows in the http_request_forward_body function in proto_http.c in HAProxy 1.5-dev23 before 1.5.4 allow remote attackers to cause a denial of service (crash) via a large stream. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Technical ContextAI

This vulnerability is classified under CWE-189. Multiple integer overflows in the http_request_forward_body function in proto_http.c in HAProxy 1.5-dev23 before 1.5.4 allow remote attackers to cause a denial of service (crash) via a large stream of data, which triggers a buffer overflow and an out-of-bounds read. Affected products include: Haproxy. Version information: before 1.5.4.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2016-5360 HIGH
7.5 Jun 30

HAproxy 1.6.x before 1.6.6, when a deny comes from a reqdeny rule, allows remote attackers to cause a denial of service

CVE-2021-40346 HIGH POC
7.5 Sep 08

An integer overflow exists in HAProxy 2.0 through 2.5 in htx_add_header that can be exploited to perform an HTTP request

CVE-2019-18277 HIGH POC
7.5 Oct 23

A flaw was found in HAProxy before 2.0.6. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no

CVE-2019-14241 HIGH POC
7.5 Jul 23

HAProxy through 2.0.2 allows attackers to cause a denial of service (ha_panic) via vectors related to htx_manage_client_

CVE-2023-40225 HIGH POC
7.2 Aug 10

HAProxy through 2.0.32, 2.1.x and 2.2.x through 2.2.30, 2.3.x and 2.4.x through 2.4.23, 2.5.x and 2.6.x before 2.6.15, 2

CVE-2019-8953 MEDIUM POC
6.1 Feb 20

The HAProxy package before 0.59_16 for pfSense has XSS via the desc (aka Description) or table_actionsaclN parameter, re

CVE-2019-19330 CRITICAL
9.8 Nov 27

The HTTP/2 implementation in HAProxy before 2.0.10 mishandles headers, as demonstrated by carriage return (CR, ASCII 0xd

CVE-2023-25725 CRITICAL
9.1 Feb 14

HAProxy before 2.7.3 may allow a bypass of access control because HTTP/1 headers are inadvertently lost in some situatio

CVE-2026-55203 CRITICAL
9.0 Jun 18

FastCGI framing desynchronization in HAProxy through 3.4.0 stems from a 16-bit integer overflow in the fcgi_conn demux r

CVE-2020-11100 HIGH
8.8 Apr 02

In hpack_dht_insert in hpack-tbl.c in the HPACK decoder in HAProxy 1.8 through 2.x before 2.1.4, a remote attacker can w

CVE-2026-55204 HIGH
8.7 Jun 18

Denial of service in HAProxy through 3.4.0 allows remote unauthenticated attackers to crash worker processes by triggeri

CVE-2023-45539 HIGH
8.2 Nov 28

HAProxy before 2.8.2 accepts # as part of the URI component, which might allow remote attackers to obtain sensitive info

Share

CVE-2014-6269 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy