CVE-2015-3281

Priority
Description
The buffer_slow_realign function in HAProxy 1.5.x before 1.5.14 and 1.6-dev
does not properly realign a buffer that is used for pending outgoing data,
which allows remote attackers to obtain sensitive information
(uninitialized memory contents of previous requests) via a crafted request.
Assigned-to
mdeslaur
Notes
mdeslaur1.5.x+ only
Package
Upstream:released (1.5.14-1)
Ubuntu 14.04 ESM (Trusty Tahr):DNE (trusty was not-affected [1.4.24-2])
Patches:
Upstream:http://git.haproxy.org/?p=haproxy-1.5.git;a=commit;h=7ec765568883b2d4e5a2796adbeb492a22ec9bd4
More Information

Updated: 2020-01-29 19:52:04 UTC (commit 768ceb2fdee6790d707d0f681e1b54916744af1e)