CVE-2012-2942

2012-05-2700:00:00

ubuntu.com

CVSS2

5.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

EPSS

0.105

Percentile

95.0%

JSON

Buffer overflow in the trash buffer in the header capture functionality in
HAProxy before 1.4.21, when global.tune.bufsize is set to a value greater
than the default and header rewriting is enabled, allows remote attackers
to cause a denial of service and possibly execute arbitrary code via
unspecified vectors.

Bugs

<http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=674447>

Notes

Author	Note
mdeslaur	CVE-2012-2391 was a duplicate of this CVE and got rejected.

OSVersionArchitecturePackageVersionFilename
ubuntu11.10noarchhaproxy< 1.4.15-1ubuntu0.1UNKNOWN
ubuntu12.04noarchhaproxy< 1.4.18-0ubuntu1.1UNKNOWN
ubuntu12.10noarchhaproxy< 1.4.18-0ubuntu2.1UNKNOWN
ubuntu13.04noarchhaproxy< 1.4.18-0ubuntu3UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	11.10	noarch	haproxy	< 1.4.15-1ubuntu0.1	UNKNOWN
ubuntu	12.04	noarch	haproxy	< 1.4.18-0ubuntu1.1	UNKNOWN
ubuntu	12.10	noarch	haproxy	< 1.4.18-0ubuntu2.1	UNKNOWN
ubuntu	13.04	noarch	haproxy	< 1.4.18-0ubuntu3	UNKNOWN