MGASA-2026-0250

Source
https://advisories.mageia.org/MGASA-2026-0250.html
Import Source
https://advisories.mageia.org/MGASA-2026-0250.json
JSON Data
https://api.osv.dev/v1/vulns/MGASA-2026-0250
Upstream
Published
2026-07-14T01:55:37Z
Modified
2026-07-14T02:00:22.754711982Z
Summary
Updated haproxy packages fix security vulnerability
Details

HAProxy through 3.4.0, fixed in commit 5985276, contains an integer overflow vulnerability in the fcgiconn structure's drl field that allows buffer misparse as new FCGI record headers. When contentLength is 65535 and paddingLength is 1 or more, the drl field wraps to 0, causing incorrect record consumption and allowing malicious FastCGI backends to desynchronize the FCGI framing parser, potentially causing request routing errors, response smuggling, or memory safety issues. (CVE-2026-55203) HAProxy through 3.4.0, fixed in commit 9a6d1fe, contains a null pointer dereference vulnerability in hpackdhtinsert() within src/hpack-tbl.c that fails to validate the return value of hpackdht_defrag() when the memory pool is exhausted. An attacker can trigger HPACK dynamic table insertions under memory pressure to dereference a NULL pointer and crash HAProxy worker processes, causing denial of service. (CVE-2026-55204)

References
Credits

Affected packages

Mageia:10 / haproxy

Package

Name
haproxy
Purl
pkg:rpm/mageia/haproxy?arch=source&distro=mageia-10

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.4.2-1.2.mga10

Ecosystem specific

{
    "section": "core"
}

Database specific

source
"https://advisories.mageia.org/MGASA-2026-0250.json"

Mageia:9 / haproxy

Package

Name
haproxy
Purl
pkg:rpm/mageia/haproxy?arch=source&distro=mageia-9

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.8.26-1.mga9

Ecosystem specific

{
    "section": "core"
}

Database specific

source
"https://advisories.mageia.org/MGASA-2026-0250.json"