BIT-haproxy-2026-55203

See a problem?
Import Source
https://github.com/bitnami/vulndb/tree/main/data/haproxy/BIT-haproxy-2026-55203.json
JSON Data
https://api.osv.dev/v1/vulns/BIT-haproxy-2026-55203
Aliases
Published
2026-06-29T05:40:49.435Z
Modified
2026-06-29T08:15:08.654799779Z
Summary
HAProxy - Integer Overflow in FCGI Demux Record Length Field
Details

HAProxy through 3.4.0, fixed in commit 5985276, contains an integer overflow vulnerability in the fcgi_conn structure's drl field that allows buffer misparse as new FCGI record headers. When contentLength is 65535 and paddingLength is 1 or more, the drl field wraps to 0, causing incorrect record consumption and allowing malicious FastCGI backends to desynchronize the FCGI framing parser, potentially causing request routing errors, response smuggling, or memory safety issues.

Database specific
{
    "severity": "Critical",
    "cpes": [
        "cpe:2.3:a:haproxy:haproxy:*:*:*:*:*:*:*:*"
    ]
}
References

Affected packages

Bitnami / haproxy

Package

Name
haproxy
Purl
pkg:bitnami/haproxy

Severity

  • 9.0 (Critical) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:L/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X CVSS Calculator

Affected ranges

Type
SEMVER
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.4.1

Database specific

source
"https://github.com/bitnami/vulndb/tree/main/data/haproxy/BIT-haproxy-2026-55203.json"