HAProxy 2.2 through 3.1.6, in certain uncommon configurations, has a heap-based buffer overflow in sample_conv_regsub because of mishandling of the replacement of multiple short patterns with a longer one.
[
{
"source": "https://github.com/haproxy/haproxy/commit/3e3b9eebf871510aee36c3a3336faac2f38c9559",
"target": {
"file": "src/sample.c"
},
"id": "CVE-2025-32464-c78e104a",
"deprecated": false,
"digest": {
"line_hashes": [
"44363929548633845708281771554896885601",
"240967002129204781698066168046627257709",
"235401145960306073107861320431440768315",
"310455282523349447692393506674566175291"
],
"threshold": 0.9
},
"signature_version": "v1",
"signature_type": "Line"
}
]