Description
The buffer_slow_realign function in HAProxy 1.5.x before 1.5.14 and 1.6-dev does not properly realign a buffer that is used for pending outgoing data, which allows remote attackers to obtain sensitive information (uninitialized memory contents of previous requests) via a crafted request.
An implementation error related to the memory management of requests and responses was found within HAProxy's buffer_slow_realign() function. An unauthenticated remote attacker could possibly use this flaw to leak certain memory buffer contents from a past request or session.
Affected packages
Platform | Package | State | Advisory | Release |
---|---|---|---|---|
Red Hat OpenShift Enterprise 2 | haproxy | Not affected | | |
Red Hat Enterprise Linux 6 | haproxy | Fixed | RHSA-2015:1741 | 08.09.2015 |
Red Hat Enterprise Linux 7 | haproxy | Fixed | RHSA-2015:1741 | 08.09.2015 |
Red Hat OpenShift Enterprise 2.2 | haproxy15side | Fixed | RHSA-2015:2666 | 17.12.2015 |
Red Hat OpenShift Enterprise 2.2 | openshift-enterprise-upgrade | Fixed | RHSA-2015:2666 | 17.12.2015 |
Red Hat OpenShift Enterprise 2.2 | openshift-origin-broker-util | Fixed | RHSA-2015:2666 | 17.12.2015 |
Red Hat OpenShift Enterprise 2.2 | openshift-origin-cartridge-haproxy | Fixed | RHSA-2015:2666 | 17.12.2015 |
Red Hat OpenShift Enterprise 2.2 | openshift-origin-cartridge-jbosseap | Fixed | RHSA-2015:2666 | 17.12.2015 |
Red Hat OpenShift Enterprise 2.2 | openshift-origin-cartridge-jbossews | Fixed | RHSA-2015:2666 | 17.12.2015 |
Red Hat OpenShift Enterprise 2.2 | openshift-origin-cartridge-python | Fixed | RHSA-2015:2666 | 17.12.2015 |
Additional information
Status:
EPSS
5 Medium
CVSS2