Description
HAproxy 1.6.x before 1.6.6, when a deny comes from a reqdeny rule, allows remote attackers to cause a denial of service (uninitialized memory access and crash) or possibly have unspecified other impact via unknown vectors.
References (4)
Core 4
Core References
Mailing List mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2016/06/09/6
Various Sources x_refsource_confirm
http://git.haproxy.org/?p=haproxy-1.6.git%3Ba=commit%3Bh=60f01f8c89e4fb2723d5a9f2046286e699567e0b
Vendor Advisory vendor-advisory
x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-3011-1
Mailing List mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2016/06/09/5
Scores
CVSS v3
7.5
EPSS
0.4282
EPSS Percentile
98.6%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-119
Status
published
Products (7)
canonical/ubuntu_linux
16.04
haproxy/haproxy
1.6.0
haproxy/haproxy
1.6.1
haproxy/haproxy
1.6.2
haproxy/haproxy
1.6.3
haproxy/haproxy
1.6.4
haproxy/haproxy
1.6.5
Published
Jun 30, 2016
Tracked Since
Feb 18, 2026