GCVE - cpe:2.3:a:haproxy:haproxy:1.4.20:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:haproxy:haproxy:1.4.20:*:*:*:*:*:*:*

part: a version: 1.4.20 update: *

Vendor	Haproxy (`bcdccbbb-bab3-5a27-b98b-5345a425d85c`)
Product	Haproxy (`0acaea08-d114-576a-98cc-ac99b15c19b7`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
`pkg:deb/debian/haproxy`	purl2cpe	2026-06-01 10:18:18.386121
`pkg:deb/ubuntu/haproxy`	purl2cpe	2026-06-01 10:18:18.386123
`pkg:docker/haproxy/haproxy`	purl2cpe	2026-06-01 10:18:18.386124
`pkg:github/haproxy/haproxy`	purl2cpe	2026-06-01 10:18:18.386125
`pkg:haproxy/haproxy`	purl2cpe	2026-06-01 10:18:18.386127
`pkg:rpm/fedora/haproxy`	purl2cpe	2026-06-01 10:18:18.386128
`pkg:rpm/opensuse/haproxy`	purl2cpe	2026-06-01 10:18:18.386129

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2013-2175`	vulnerable	2026-06-08 05:03:58.844300	Details available HAProxy 1.4 before 1.4.24 and 1.5 before 1.5-dev19, when configured to use hdr_ip or other "hdr_*" functions with a negative occurrence count, allows remote attackers to cause a denial of service (negative array index usage and crash) via an HTTP header with a certain number of values, related to the MAX_HDR_HISTORY variable. Published: 2013-08-19T00:00:00.000Z Updated: 2024-08-06T15:27:41.078Z Open on db.gcve.eu Reference links http://rhn.redhat.com/errata/RHSA-2013-1204.html http://marc.info/?l=haproxy&m=137147915029705&w=2 http://secunia.com/advisories/54344 https://bugzilla.redhat.com/show_bug.cgi?id=974259 http://www.debian.org/security/2013/dsa-2711	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2013-1912`	vulnerable	2026-06-08 05:03:57.231797	Details available Buffer overflow in HAProxy 1.4 through 1.4.22 and 1.5-dev through 1.5-dev17, when HTTP keep-alive is enabled, using HTTP keywords in TCP inspection rules, and running with rewrite rules that appends to requests, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted pipelined HTTP requests that prevent request realignment from occurring. Published: 2013-04-10T15:00:00.000Z Updated: 2024-08-06T15:20:37.131Z Open on db.gcve.eu Reference links http://lists.fedoraproject.org/pipermail/package-announce/2013-April/103794.html http://rhn.redhat.com/errata/RHSA-2013-0868.html http://secunia.com/advisories/52725 http://lists.fedoraproject.org/pipermail/package-announce/2013-April/103730.html http://www.debian.org/security/2013/dsa-2711	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.