CVE-2015-3281
Last modified
CVE-2015-3281 is a vulnerability of currently unknown severity. The buffer_slow_realign function in HAProxy 1.5.x before 1.5.14 and 1.6-dev does not properly realign a buffer that is used for pending outgoing data, which allows remote attackers to obtain sensitive information (uninitialized memory contents of previous requests) via a crafted request.. EPSS estimates a 4.24% chance of exploitation in the next 30 days.
Description
The buffer_slow_realign function in HAProxy 1.5.x before 1.5.14 and 1.6-dev does not properly realign a buffer that is used for pending outgoing data, which allows remote attackers to obtain sensitive information (uninitialized memory contents of previous requests) via a crafted request.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions | Update |
|---|---|---|---|
| Debian | Debian Linux | 8.0 | — |
| Haproxy | Haproxy | 1.5 | Dev |
| Haproxy | Haproxy | 1.5.0 | — |
| Haproxy | Haproxy | 1.5.1 | — |
| Haproxy | Haproxy | 1.5.2 | — |
| Haproxy | Haproxy | 1.5.3 | — |
| Haproxy | Haproxy | 1.5.4 | — |
| Haproxy | Haproxy | 1.5.5 | — |
| Haproxy | Haproxy | 1.5.6 | — |
| Haproxy | Haproxy | 1.5.7 | — |
| Haproxy | Haproxy | 1.5.8 | — |
| Haproxy | Haproxy | 1.5.9 | — |
| Haproxy | Haproxy | 1.5.10 | — |
| Haproxy | Haproxy | 1.5.11 | — |
| Haproxy | Haproxy | 1.5.12 | — |
| Haproxy | Haproxy | 1.5.13 | — |
| Haproxy | Haproxy | 1.6 | Dev0 |
| Canonical | Ubuntu Linux | 14.10 | — |
| Canonical | Ubuntu Linux | 15.04 | — |
| Opensuse | Openstack Cloud | 5 | — |
| Opensuse | Opensuse | 13.2 | — |
| Suse | Linux Enterprise High Availability Extension | 12 | — |
| Redhat | Enterprise Linux Desktop | 7.0 | — |
| Redhat | Enterprise Linux Server | 7.0 | — |
| Redhat | Enterprise Linux Server Aus | 7.3 | — |
| Redhat | Enterprise Linux Server Aus | 7.4 | — |
| Redhat | Enterprise Linux Server Aus | 7.6 | — |
| Redhat | Enterprise Linux Server Eus | 7.1 | — |
| Redhat | Enterprise Linux Server Eus | 7.2 | — |
| Redhat | Enterprise Linux Server Eus | 7.3 | — |
| Redhat | Enterprise Linux Server Eus | 7.4 | — |
| Redhat | Enterprise Linux Server Eus | 7.5 | — |
| Redhat | Enterprise Linux Server Eus | 7.6 | — |
| Redhat | Enterprise Linux Server Tus | 7.3 | — |
| Redhat | Enterprise Linux Server Tus | 7.6 | — |
| Redhat | Enterprise Linux Workstation | 7.0 | — |
References
- http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00001.htmlMailing List, Third Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00023.htmlMailing List, Third Party Advisory
- http://rhn.redhat.com/errata/RHSA-2015-1741.htmlThird Party Advisory
- http://rhn.redhat.com/errata/RHSA-2015-2666.htmlThird Party Advisory
- http://www.debian.org/security/2015/dsa-3301Third Party Advisory
- http://www.haproxy.org/news.htmlPatch, Vendor Advisory
- http://www.securityfocus.com/bid/75554Third Party Advisory, VDB Entry
- http://www.ubuntu.com/usn/USN-2668-1Third Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00001.htmlMailing List, Third Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00023.htmlMailing List, Third Party Advisory
- http://rhn.redhat.com/errata/RHSA-2015-1741.htmlThird Party Advisory
- http://rhn.redhat.com/errata/RHSA-2015-2666.htmlThird Party Advisory
- http://www.debian.org/security/2015/dsa-3301Third Party Advisory
- http://www.haproxy.org/news.htmlPatch, Vendor Advisory
- http://www.securityfocus.com/bid/75554Third Party Advisory, VDB Entry
- http://www.ubuntu.com/usn/USN-2668-1Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2015-3281?
How severe is CVE-2015-3281?
How do I fix CVE-2015-3281?
Are you affected by CVE-2015-3281?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST