FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-03-28 15:43:32 UTC

These are the vulnerabilities relating to the commit you have selected:

VuXML ID    Description

617959ce-a5f6-11e1-a284-0023ae8e59f0    haproxy -- buffer overflow

HAProxy reports:

A flaw was reported in HAProxy where, due to a boundary error when copying data into the trash buffer, an external attacker could cause a buffer overflow. Exploiting this flaw could lead to the execution of arbitrary code; however, it requires non-default settings for the global.tune.bufsize configuration option (must be set to a value greater than the default), and also that header rewriting is enabled (via, for example, the reqrep or rsprep directives). This flaw is reported against 1.4.20; prior versions may also be affected.


Discovery 2012-05-21
Entry 2012-05-24
Modified 2012-05-29
haproxy
< 1.4.21

CVE-2012-2391
https://secunia.com/advisories/49261/
http://haproxy.1wt.eu/download/1.4/src/CHANGELOG
http://haproxy.1wt.eu/git?p=haproxy-1.4.git;a=commit;h=30297cb17147a8d339eb160226bcc08c91d9530b
http://haproxy.1wt.eu/news.html

7f829d44-7509-11ea-b47c-589cfc0f81b0    HAproxy -- serious vulnerability affecting the HPACK decoder used for HTTP/2

The HAproxy Project reports:

The main driver for this release is that it contains a fix for a serious vulnerability that was responsibly reported last week by Felix Wilhelm from Google Project Zero, affecting the HPACK decoder used for HTTP/2. CVE-2020-11100 was assigned to this issue.


Discovery 2020-04-02
Entry 2020-04-02
haproxy
ge 2.0.0 lt 2.0.14

haproxy18
ge 1.8.0 lt 1.8.25

haproxy19
ge 1.9.0 lt 1.9.15

haproxy21
ge 2.1.0 lt 2.1.4

CVE-2020-11100
https://www.mail-archive.com/haproxy@formilux.org/msg36876.html
https://www.mail-archive.com/haproxy@formilux.org/msg36877.html
https://www.mail-archive.com/haproxy@formilux.org/msg36878.html
https://www.mail-archive.com/haproxy@formilux.org/msg36879.html

cbfa8bd7-24b6-11e5-86ff-14dae9d210b8    haproxy -- information leak vulnerability

HAProxy reports:

A vulnerability was found when HTTP pipelining is used. In some cases, a client might be able to cause a buffer alignment issue and retrieve uninitialized memory contents that exhibit data from a past request or session. I want to address sincere congratulations to Charlie Smurthwaite of aTech Media for the really detailed traces he provided which made it possible to find the cause of this bug. Every user of 1.5-dev, 1.5.x or 1.6-dev must upgrade to 1.5.14 or latest 1.6-dev snapshot to fix this issue, or use the backport of the fix provided by their operating system vendors. CVE-2015-3281 was assigned to this bug.


Discovery 2015-07-02
Entry 2015-07-07
haproxy
ge 1.5.0 lt 1.5.14

http://www.haproxy.org/news.html
http://git.haproxy.org/?p=haproxy-1.5.git;a=commit;h=7ec765568883b2d4e5a2796adbeb492a22ec9bd4
http://seclists.org/oss-sec/2015/q3/61
CVE-2015-3281

f1c219ba-3f14-11e6-b3c8-14dae9d210b8    haproxy -- denial of service

HAproxy reports:

HAproxy 1.6.x before 1.6.6, when a deny comes from a reqdeny rule, allows remote attackers to cause a denial of service (uninitialized memory access and crash) or possibly have unspecified other impact via unknown vectors.


Discovery 2016-06-09
Entry 2016-06-30
haproxy
ge 1.6.0 lt 1.6.5_1

http://www.openwall.com/lists/oss-security/2016/06/09/5
CVE-2016-5360