CVE-2015-3281
haproxy - security update
EPSS 0.09%
Description
The buffer_slow_realign function in HAProxy 1.5.x before 1.5.14 and 1.6-dev does not properly realign a buffer that is used for pending outgoing data, which allows remote attackers to obtain sensitive information (uninitialized memory contents of previous requests) via a crafted request.
How to fix CVE-2015-3281
To remediate CVE-2015-3281, upgrade the affected package to one of the fixed versions listed below.
- Debian/haproxy—upgrade to 1.5.14-1 or later
- Debian/haproxy—upgrade to 1.5.8-3+deb8u1 or later
Is CVE-2015-3281 being exploited?
Low — EPSS is 0.1%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- Debian/haproxy: from 0, < 1.5.14-1
- Debian/haproxy: from 0, < 1.5.8-3+deb8u1