HAproxy 1.6.x before 1.6.6, when a deny comes from a reqdeny rule, allows remote attackers to cause a denial of service (uninitialized memory access and crash) or possibly have unspecified other impact via unknown vectors.
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "binary_version": "1.4.24-2ubuntu0.4", "binary_name": "haproxy" }, { "binary_version": "1.4.24-2ubuntu0.4", "binary_name": "haproxy-dbgsym" }, { "binary_version": "1.4.24-2ubuntu0.4", "binary_name": "vim-haproxy" } ] }
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "binary_version": "1.6.3-1ubuntu0.1", "binary_name": "haproxy" }, { "binary_version": "1.6.3-1ubuntu0.1", "binary_name": "haproxy-dbg" }, { "binary_version": "1.6.3-1ubuntu0.1", "binary_name": "haproxy-dbgsym" }, { "binary_version": "1.6.3-1ubuntu0.1", "binary_name": "haproxy-doc" }, { "binary_version": "1.6.3-1ubuntu0.1", "binary_name": "vim-haproxy" } ] }