CVE-2012-2942
haproxy - several
EPSS 0.20%
Description
Buffer overflow in the trash buffer in the header capture functionality in HAProxy before 1.4.21, when global.tune.bufsize is set to a value greater than the default and header rewriting is enabled, allows remote attackers to cause a denial of service and possibly execute arbitrary code via unspecified vectors.
How to fix CVE-2012-2942
To remediate CVE-2012-2942, upgrade the affected package to a fixed version below.
- Debian/haproxy—upgrade to 1.4.23-1 or later
- Debian/haproxy—upgrade to 1.4.8-1+squeeze1 or later
Is CVE-2012-2942 being exploited?
Low — EPSS is 0.2%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- from 0, < 1.4.23-1
- from 0, < 1.4.8-1+squeeze1