Willy Tarreau

8 exploits Active since May 1997
CVE-2021-40346 WRITEUP HIGH WRITEUP
HAProxy <2.6 - HTTP Request Smuggling
An integer overflow exists in HAProxy 2.0 through 2.5 in htx_add_header that can be exploited to perform an HTTP request smuggling attack, allowing an attacker to bypass all configured http-request HAProxy ACLs and possibly other ACLs.
CVSS 7.5
CVE-2013-4312 WRITEUP MEDIUM WRITEUP
Linux Kernel < 4.4.1 - Denial of Service via File Descriptor Exhaustion
The Linux kernel before 4.4.1 allows local users to bypass file-descriptor limits and cause a denial of service (memory consumption) by sending each descriptor over a UNIX socket before closing it, related to net/unix/af_unix.c and net/unix/garbage.c.
CVSS 6.2
CVE-2018-20511 WRITEUP MEDIUM WRITEUP
Linux Kernel < 4.18.11 - Authenticated Kernel Address Exposure via SIOCFINDIPDDPRT ioctl
An issue was discovered in the Linux kernel before 4.18.11. The ipddp_ioctl function in drivers/net/appletalk/ipddp.c allows local users to obtain sensitive kernel address information by leveraging CAP_NET_ADMIN to read the ipddp_route dev and next fields via an SIOCFINDIPDDPRT ioctl call.
CVSS 5.5
CVE-2020-16166 WRITEUP LOW WRITEUP
Linux kernel <5.7.11 - Info Disclosure
The Linux kernel through 5.7.11 allows remote attackers to make observations that help to obtain sensitive information about the internal state of the network RNG, aka CID-f227e3ec3b5c. This is related to drivers/char/random.c and kernel/time/timer.c.
CVSS 3.7
CVE-2022-33981 WRITEUP LOW WRITEUP
Linux Kernel < 5.17.6 - Use-After-Free in Floppy Driver raw_cmd_ioctl
drivers/block/floppy.c in the Linux kernel before 5.17.6 is vulnerable to a denial of service, because of a concurrency use-after-free flaw after deallocating raw_cmd in the raw_cmd_ioctl function.
CVSS 3.3
CVE-2023-40225 WRITEUP HIGH WRITEUP
HAProxy < 2.0.32, 2.1.x-2.2.30, 2.3.x-2.4.23, 2.5.x-2.6.14, 2.7.x-2.7.9, 2.8.x-2.8.1 - HTTP Request Smuggling
HAProxy through 2.0.32, 2.1.x and 2.2.x through 2.2.30, 2.3.x and 2.4.x through 2.4.23, 2.5.x and 2.6.x before 2.6.15, 2.7.x before 2.7.10, and 2.8.x before 2.8.2 forwards empty Content-Length headers, violating RFC 9110 section 8.6. In uncommon cases, an HTTP/1 server behind HAProxy may interpret the payload as an extra request.
CVSS 7.2
CVE-2025-32464 WRITEUP MEDIUM WRITEUP
HAProxy 2.2-3.1.6 - Heap-Based Buffer Overflow via Sample Conversion Regular Substitution
HAProxy 2.2 through 3.1.6, in certain uncommon configurations, has a sample_conv_regsub heap-based buffer overflow because of mishandling of the replacement of multiple short patterns with a longer one.
CVSS 6.8
CVE-1999-0034 EXPLOITDB text WRITEUP
Perl 4.x and 5.x - Buffer Overflow in suidperl
Buffer overflow in suidperl (sperl), Perl 4.x and 5.x.