CVE-2012-2942 - OpenCVE

Buffer overflow in the trash buffer in the header capture functionality in HAProxy before 1.4.21, when global.tune.bufsize is set to a value greater than the default and header rewriting is enabled, allows remote attackers to cause a denial of service and possibly execute arbitrary code via unspecified vectors.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity High

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:H/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Haproxy	Haproxy

Configuration 1 [-]

cpe:2.3:a:haproxy:haproxy:*:*:*:*:*:*:*:*

References

Link	Resource
http://haproxy.1wt.eu/#news
http://haproxy.1wt.eu/download/1.4/src/CHANGELOG
http://haproxy.1wt.eu/git?p=haproxy-1.4.git%3Ba=commit%3Bh=30297cb17147a8d339eb160226bcc08c91d9530b
http://secunia.com/advisories/49261	Vendor Advisory
http://security.gentoo.org/glsa/glsa-201301-02.xml
http://www.debian.org/security/2013/dsa-2711
http://www.openwall.com/lists/oss-security/2012/05/23/12
http://www.openwall.com/lists/oss-security/2012/05/23/15
http://www.openwall.com/lists/oss-security/2012/05/28/1
http://www.securityfocus.com/bid/53647
http://www.ubuntu.com/usn/USN-1800-1
https://exchange.xforce.ibmcloud.com/vulnerabilities/75777

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2012-05-27T20:00:00

Updated: 2017-08-28T12:57:01

Reserved: 2012-05-27T00:00:00

Link: CVE-2012-2942

JSON object: View

NVD Information

Status : Modified

Published: 2012-05-27T20:55:05.017

Modified: 2023-11-07T02:11:28.213

Link: CVE-2012-2942

JSON object: View

Redhat Information

No data.

CWE

CWE-119

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2012-05-16T00:00:00", "descriptions": [{"lang": "en", "value": "Buffer overflow in the trash buffer in the header capture functionality in HAProxy before 1.4.21, when global.tune.bufsize is set to a value greater than the default and header rewriting is enabled, allows remote attackers to cause a denial of service and possibly execute arbitrary code via unspecified vectors."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "[oss-security] 20120528 Duplicate CVE identifiers (CVE-2012-2391 and CVE-2012-2942) assigned to HAProxy issue", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2012/05/28/1"}, {"name": "GLSA-201301-02", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "http://security.gentoo.org/glsa/glsa-201301-02.xml"}, {"name": "[oss-security] 20120523 Re: CVE request: haproxy trash buffer overflow flaw", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2012/05/23/15"}, {"name": "haproxy-trash-bo(75777)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75777"}, {"name": "53647", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/53647"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://haproxy.1wt.eu/#news"}, {"name": "DSA-2711", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2013/dsa-2711"}, {"name": "49261", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/49261"}, {"name": "USN-1800-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-1800-1"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://haproxy.1wt.eu/git?p=haproxy-1.4.git%3Ba=commit%3Bh=30297cb17147a8d339eb160226bcc08c91d9530b"}, {"name": "[oss-security] 20120523 CVE request: haproxy trash buffer overflow flaw", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2012/05/23/12"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://haproxy.1wt.eu/download/1.4/src/CHANGELOG"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2012-2942", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Buffer overflow in the trash buffer in the header capture functionality in HAProxy before 1.4.21, when global.tune.bufsize is set to a value greater than the default and header rewriting is enabled, allows remote attackers to cause a denial of service and possibly execute arbitrary code via unspecified vectors."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "[oss-security] 20120528 Duplicate CVE identifiers (CVE-2012-2391 and CVE-2012-2942) assigned to HAProxy issue", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2012/05/28/1"}, {"name": "GLSA-201301-02", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-201301-02.xml"}, {"name": "[oss-security] 20120523 Re: CVE request: haproxy trash buffer overflow flaw", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2012/05/23/15"}, {"name": "haproxy-trash-bo(75777)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75777"}, {"name": "53647", "refsource": "BID", "url": "http://www.securityfocus.com/bid/53647"}, {"name": "http://haproxy.1wt.eu/#news", "refsource": "CONFIRM", "url": "http://haproxy.1wt.eu/#news"}, {"name": "DSA-2711", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2013/dsa-2711"}, {"name": "49261", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/49261"}, {"name": "USN-1800-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-1800-1"}, {"name": "http://haproxy.1wt.eu/git?p=haproxy-1.4.git;a=commit;h=30297cb17147a8d339eb160226bcc08c91d9530b", "refsource": "CONFIRM", "url": "http://haproxy.1wt.eu/git?p=haproxy-1.4.git;a=commit;h=30297cb17147a8d339eb160226bcc08c91d9530b"}, {"name": "[oss-security] 20120523 CVE request: haproxy trash buffer overflow flaw", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2012/05/23/12"}, {"name": "http://haproxy.1wt.eu/download/1.4/src/CHANGELOG", "refsource": "CONFIRM", "url": "http://haproxy.1wt.eu/download/1.4/src/CHANGELOG"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2012-2942", "datePublished": "2012-05-27T20:00:00", "dateReserved": "2012-05-27T00:00:00", "dateUpdated": "2017-08-28T12:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:haproxy:haproxy:*:*:*:*:*:*:*:*", "matchCriteriaId": "B757FF21-72FC-4B35-A2E1-6FA06FA311F0", "versionEndIncluding": "1.4.20", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Buffer overflow in the trash buffer in the header capture functionality in HAProxy before 1.4.21, when global.tune.bufsize is set to a value greater than the default and header rewriting is enabled, allows remote attackers to cause a denial of service and possibly execute arbitrary code via unspecified vectors."}, {"lang": "es", "value": "Desbordamiento de b\u00fafer en el trash buffer en la funcionalidad de captura de cabecera en HAProxy antes v1.4.21, cuando global.tune.bufsize se establece en un valor mayor que el valor predeterminado y la reescritura de cabecera est\u00e1 activada, permite a atacantes remotos provocar una denegaci\u00f3n de servicio y, posiblemente, ejecutar c\u00f3digo arbitrario a trav\u00e9s de vectores no especificados."}], "id": "CVE-2012-2942", "lastModified": "2023-11-07T02:11:28.213", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 4.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2012-05-27T20:55:05.017", "references": [{"source": "cve@mitre.org", "url": "http://haproxy.1wt.eu/#news"}, {"source": "cve@mitre.org", "url": "http://haproxy.1wt.eu/download/1.4/src/CHANGELOG"}, {"source": "cve@mitre.org", "url": "http://haproxy.1wt.eu/git?p=haproxy-1.4.git%3Ba=commit%3Bh=30297cb17147a8d339eb160226bcc08c91d9530b"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/49261"}, {"source": "cve@mitre.org", "url": "http://security.gentoo.org/glsa/glsa-201301-02.xml"}, {"source": "cve@mitre.org", "url": "http://www.debian.org/security/2013/dsa-2711"}, {"source": "cve@mitre.org", "url": "http://www.openwall.com/lists/oss-security/2012/05/23/12"}, {"source": "cve@mitre.org", "url": "http://www.openwall.com/lists/oss-security/2012/05/23/15"}, {"source": "cve@mitre.org", "url": "http://www.openwall.com/lists/oss-security/2012/05/28/1"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/53647"}, {"source": "cve@mitre.org", "url": "http://www.ubuntu.com/usn/USN-1800-1"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75777"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}