CVE-2013-1912
EPSS 0.19%
Description
Buffer overflow in HAProxy 1.4 through 1.4.22 and 1.5-dev through 1.5-dev17, when HTTP keep-alive is enabled, HTTP keywords are used in TCP inspection rules, and rewrite rules that append to requests are in use, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted pipelined HTTP requests that prevent request realignment from occurring.
How to fix CVE-2013-1912
To remediate CVE-2013-1912, upgrade the affected package to a fixed version below.
- Debian/haproxy: upgrade to 1.4.23-1 or later
Is CVE-2013-1912 being exploited?
Low — EPSS is 0.2%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 1.4.23-1