CVE-2013-1912

Publication date 10 April 2013

Last updated 24 July 2024

Ubuntu priority

Description

Buffer overflow in HAProxy 1.4 through 1.4.22 and 1.5-dev through 1.5-dev17, when HTTP keep-alive is enabled, using HTTP keywords in TCP inspection rules, and running with rewrite rules that appends to requests, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted pipelined HTTP requests that prevent request realignment from occurring.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
haproxy	13.04 raring	Fixed 1.4.18-0ubuntu3
	12.10 quantal	Fixed 1.4.18-0ubuntu2.1
	12.04 LTS precise	Fixed 1.4.18-0ubuntu1.1
	11.10 oneiric	Fixed 1.4.15-1ubuntu0.1
	10.04 LTS lucid	Ignored end of life
	8.04 LTS hardy	Ignored end of life

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package	Patch details
haproxy	Upstream: http://git.1wt.eu/web?p=haproxy-1.4.git;a=commitdiff;h=dc80672211

CVE-2013-1912

Description

Status

Patch details

References

Related Ubuntu Security Notices (USN)

Other references