CVE - CVE-2014-6269

CVE-ID
CVE-2014-6269	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
Multiple integer overflows in the http_request_forward_body function in proto_http.c in HAProxy 1.5-dev23 before 1.5.4 allow remote attackers to cause a denial of service (crash) via a large stream of data, which triggers a buffer overflow and an out-of-bounds read.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
CONFIRM:http://git.haproxy.org/?p=haproxy-1.5.git;a=commitdiff;h=b4d05093bc89f71377230228007e69a1434c1a0c MLIST:[haproxy] 20140805 segfault in http_skip_chunk_crlf after 16G of data has passed through haproxy URL:http://article.gmane.org/gmane.comp.web.haproxy/17726 MLIST:[haproxy] 20140902 [ANNOUNCE] haproxy-1.5.4 URL:http://article.gmane.org/gmane.comp.web.haproxy/18097 MLIST:[oss-security] 20140909 Re: CVE Request: haproxy read out of bounds URL:http://www.openwall.com/lists/oss-security/2014/09/09/23 REDHAT:RHSA-2014:1292 URL:http://rhn.redhat.com/errata/RHSA-2014-1292.html SECUNIA:59936 URL:http://secunia.com/advisories/59936 SECUNIA:61507 URL:http://secunia.com/advisories/61507
Assigning CNA
MITRE Corporation
Date Record Created
20140909	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20140909)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)