Buffer overflow in Haproxy

CVE-2015-3281

The buffer_slow_realign function in HAProxy 1.5.x before 1.5.14 and 1.6-dev does not properly realign a buffer that is used for pending outgoing data, which allows remote attackers to obtain sensitive information (uninitialized memory cont…

Vulnerability class: Buffer Overflow

EPSS: 0.001 (26.2th percentile) — read the EPSS interpretation.

Affected products

Haproxy — versions 1.5, 1.5.0, 1.5.1
Canonical Ubuntu_linux — versions 14.10, 15.04
Debian Debian_linux — versions 8.0
Opensuse Openstack_cloud — versions 5
Opensuse — versions 13.2
Redhat Enterprise_linux_desktop — versions 7.0
Redhat Enterprise_linux_server — versions 7.0
Redhat Enterprise_linux_server_aus — versions 7.3, 7.4, 7.6
Redhat Enterprise_linux_server_eus — versions 7.1, 7.2, 7.3
Redhat Enterprise_linux_server_tus — versions 7.3, 7.6

Weakness classification (CWE)

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer

References

RHSA-2015:1741 (x_refsource_REDHAT, vendor-advisory, Third Party Advisory)
openSUSE-SU-2015:1831 (vendor-advisory, Mailing List, Third Party Advisory, x_refsource_SUSE)
secalert@redhat.com (x_refsource_CONFIRM, Patch, Vendor Advisory)
RHSA-2015:2666 (x_refsource_REDHAT, vendor-advisory, Third Party Advisory)
USN-2668-1 (x_refsource_UBUNTU, vendor-advisory, Third Party Advisory)
SUSE-SU-2015:1663 (vendor-advisory, Mailing List, Third Party Advisory, x_refsource_SUSE)
secalert@redhat.com (x_refsource_CONFIRM)
DSA-3301 (vendor-advisory, Third Party Advisory, x_refsource_DEBIAN)
75554 (Third Party Advisory, VDB Entry, vdb-entry, x_refsource_BID)