CVE-2015-3281: Buffer Overflow

First published: Mon Jul 06 2015(Updated: )

The buffer_slow_realign function in HAProxy 1.5.x before 1.5.14 and 1.6-dev does not properly realign a buffer that is used for pending outgoing data, which allows remote attackers to obtain sensitive information (uninitialized memory contents of previous requests) via a crafted request.

Credit: secalert@redhat.com secalert@redhat.com

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

• agent/type
• agent/references
• agent/severity
• agent/weakness
• agent/remedy
• agent/description
• agent/author
• collector/mitre-cve
• source/MITRE
• agent/last-modified-date
• agent/first-publish-date
• agent/event
• agent/source
• agent/softwarecombine
• agent/tags
• collector/nvd-index
• agent/software-canonical-lookup-request
• collector/nvd-api
• source/NVD
• agent/software-canonical-lookup
• vendor/debian
• canonical/debian debian linux
• version/debian debian linux/8.0
• vendor/haproxy
• canonical/haproxy haproxy
• version/haproxy haproxy/1.5-dev
• version/haproxy haproxy/1.5-dev0
• version/haproxy haproxy/1.5-dev1
• version/haproxy haproxy/1.5-dev10
• version/haproxy haproxy/1.5-dev11
• version/haproxy haproxy/1.5-dev12
• version/haproxy haproxy/1.5-dev13
• version/haproxy haproxy/1.5-dev14
• version/haproxy haproxy/1.5-dev15
• version/haproxy haproxy/1.5-dev16
• version/haproxy haproxy/1.5-dev17
• version/haproxy haproxy/1.5-dev18
• version/haproxy haproxy/1.5-dev19
• version/haproxy haproxy/1.5-dev2
• version/haproxy haproxy/1.5-dev3
• version/haproxy haproxy/1.5-dev4
• version/haproxy haproxy/1.5-dev5
• version/haproxy haproxy/1.5-dev6
• version/haproxy haproxy/1.5-dev7
• version/haproxy haproxy/1.5-dev8
• version/haproxy haproxy/1.5-dev9
• version/haproxy haproxy/1.5.0
• version/haproxy haproxy/1.5.1
• version/haproxy haproxy/1.5.2
• version/haproxy haproxy/1.5.3
• version/haproxy haproxy/1.5.4
• version/haproxy haproxy/1.5.5
• version/haproxy haproxy/1.5.6
• version/haproxy haproxy/1.5.7
• version/haproxy haproxy/1.5.8
• version/haproxy haproxy/1.5.9
• version/haproxy haproxy/1.5.10
• version/haproxy haproxy/1.5.11
• version/haproxy haproxy/1.5.12
• version/haproxy haproxy/1.5.13
• version/haproxy haproxy/1.6-dev0
• vendor/canonical
• canonical/ubuntu linux
• version/ubuntu linux/14.10
• version/ubuntu linux/15.04
• vendor/opensuse
• canonical/suse linux enterprise high availability extension
• version/suse linux enterprise high availability extension/12
• canonical/opensuse openstack cloud
• version/opensuse openstack cloud/5
• canonical/opensuse
• version/opensuse/13.2
• vendor/redhat
• canonical/redhat enterprise linux desktop
• version/redhat enterprise linux desktop/7.0
• canonical/redhat enterprise linux server
• version/redhat enterprise linux server/7.0
• canonical/redhat enterprise linux server aus
• version/redhat enterprise linux server aus/7.3
• version/redhat enterprise linux server aus/7.4
• version/redhat enterprise linux server aus/7.6
• canonical/redhat enterprise linux server eus
• version/redhat enterprise linux server eus/7.1
• version/redhat enterprise linux server eus/7.2
• version/redhat enterprise linux server eus/7.3
• version/redhat enterprise linux server eus/7.4
• version/redhat enterprise linux server eus/7.5
• version/redhat enterprise linux server eus/7.6
• canonical/redhat enterprise linux server tus
• version/redhat enterprise linux server tus/7.3
• version/redhat enterprise linux server tus/7.6
• canonical/redhat enterprise linux workstation
• version/redhat enterprise linux workstation/7.0
• vendor/suse
• canonical/suse linux enterprise high availability
• version/suse linux enterprise high availability/12