HAProxy Heap-Based Buffer Overflow Vulnerability in the sample_conv_regsub() Function

Vulnerability

A heap-based buffer overflow has been identified in HAProxy versions 2.2 through 3.1.6. The defect is in sample_conv_regsub(), the function that implements the regsub() converter, and is reachable only in certain uncommon configurations: those in which the converter replaces multiple occurrences of a short pattern with a longer substitution string (that is, global replacement, the converter's g flag). Each replacement makes the output longer than the input it consumed, so an input containing enough matches can write past the end of the temporary buffer in which the result is assembled. The affected code was introduced in version 2.2.
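
The failure mode is a "replace all" expansion whose output grows with every match while the capacity check, if any, is made only against the input. The C program below is an added illustration, not HAProxy's code: it models the converter with a literal substring pattern instead of a regex, an assumed 64-byte temporary buffer and hypothetical function names, and places a variant that trusts an input-length check next to one that checks the remaining capacity before every copy. The sample input is constructed.

```c
#include <stdio.h>
#include <string.h>
#define TMP_BUF_SIZE 64   /* assumed size of the converter's temporary buffer */

/* Output length needed to replace every occurrence of pat with subst
 * (literal matching stands in for the regex; an empty pat matches nothing here). */
size_t replace_all_required_len(const char *in, const char *pat, const char *subst)
{
    size_t pat_len = strlen(pat), subst_len = strlen(subst), out_len = 0;
    const char *p = in, *m;
    while (pat_len && (m = strstr(p, pat)) != NULL) {
        out_len += (size_t)(m - p) + subst_len;
        p = m + pat_len;
    }
    return out_len + strlen(p);
}

/* The flawed pre-check: bounds the input, implicitly assuming the output is never
 * longer. False as soon as subst is longer than pat and pat matches more than once. */
int naive_fits(const char *in, size_t out_cap)
{
    return strlen(in) < out_cap;
}

/* Vulnerable variant: trusts naive_fits() and copies without re-checking, so each
 * match appends subst_len more bytes. Undefined behaviour once the expansion exceeds out_cap. */
int replace_all_vulnerable(const char *in, const char *pat, const char *subst,
                           char *out, size_t out_cap)
{
    size_t pat_len = strlen(pat), subst_len = strlen(subst), n = 0, rest;
    const char *p = in, *m;
    if (pat_len == 0 || !naive_fits(in, out_cap))
        return -1;
    while ((m = strstr(p, pat)) != NULL) {
        size_t lit = (size_t)(m - p);
        memcpy(out + n, p, lit);           n += lit;        /* no capacity check */
        memcpy(out + n, subst, subst_len); n += subst_len;  /* no capacity check */
        p = m + pat_len;
    }
    rest = strlen(p);
    memcpy(out + n, p, rest + 1);          /* tail plus NUL, again unchecked */
    return (int)(n + rest);
}

/* Append len bytes to out, refusing if they plus the terminating NUL would not fit. */
static int append_checked(char *out, size_t out_cap, size_t *n, const char *src, size_t len)
{
    if (len > out_cap - 1 - *n)
        return -1;
    memcpy(out + *n, src, len);
    *n += len;
    return 0;
}

/* Hardened variant: remaining capacity is checked before every copy, so neither the
 * number of matches nor the length of subst can push a write past out_cap. */
int replace_all_hardened(const char *in, const char *pat, const char *subst,
                         char *out, size_t out_cap)
{
    size_t pat_len = strlen(pat), subst_len = strlen(subst), n = 0;
    const char *p = in, *m;
    if (pat_len == 0 || out_cap == 0)
        return -1;
    while ((m = strstr(p, pat)) != NULL) {
        if (append_checked(out, out_cap, &n, p, (size_t)(m - p)) < 0 ||
            append_checked(out, out_cap, &n, subst, subst_len) < 0)
            return -1;                     /* refuse instead of overflowing */
        p = m + pat_len;
    }
    if (append_checked(out, out_cap, &n, p, strlen(p)) < 0)
        return -1;
    out[n] = '\0';
    return (int)n;
}

/* Hardened converter against a TMP_BUF_SIZE buffer: output length, or -1 if refused. */
int hardened_len(const char *in, const char *pat, const char *subst)
{
    char out[TMP_BUF_SIZE];
    return replace_all_hardened(in, pat, subst, out, sizeof out);
}

/* For an expansion that fits, both variants must produce exactly expected. */
int both_produce(const char *in, const char *pat, const char *subst, const char *expected)
{
    char a[TMP_BUF_SIZE], b[TMP_BUF_SIZE];
    return replace_all_vulnerable(in, pat, subst, a, sizeof a) >= 0 &&
           replace_all_hardened(in, pat, subst, b, sizeof b) >= 0 &&
           strcmp(a, expected) == 0 && strcmp(b, expected) == 0;
}

int main(void)
{
    const char *in = "x.x.x.x.x.x.x.x";   /* constructed: 8 one-byte matches, 15 bytes */
    printf("naive check passes: %d, expansion needs %zu bytes, hardened converter: %d\n",
           naive_fits(in, TMP_BUF_SIZE), replace_all_required_len(in, "x", "0123456789"),
           hardened_len(in, "x", "0123456789"));
    return 0;
}
```

The 15-byte input passes the input-only check, yet replacing its eight matches with a 10-byte string needs 87 bytes, more than the 64-byte buffer; the vulnerable variant would keep copying, the hardened one returns -1 as soon as the next append would not fit. Two remediation shapes are equivalent here: check capacity at every append, as above, or compute the required length up front and allocate or refuse before copying. With a real regex the same care applies to empty and overlapping matches.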

Impact

Triggering the bug corrupts heap memory in the HAProxy process. The most likely outcome is a crash of the affected worker, a denial of service for everything it proxies; as with any heap-based overflow, arbitrary code execution cannot be ruled out. Whether the condition is reachable, and by whom, depends on where the regsub() converter is applied: when it runs on request data such as the path, a header or the query string, the number of matches is under the client's control and the overflow can be triggered remotely.

Remediation

Upgrade to a release of your HAProxy branch that contains the fix; on Debian 11 (bullseye), the patched package is haproxy 2.2.9-2+deb11u7. Until the upgrade is applied, review the configuration for regsub() converters that perform global replacement with a substitution longer than the pattern on untrusted input, and remove or narrow them.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 6.4
impact: 2.5
exploitability: 9.0
remediation: 7.7
relevance: 0.0
threat: 3.2
urgency: 2.9
incentive: 10.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.