Vulnerability Details
Basic Information
| Title | [SECURITY] [DLA 4135-1] haproxy security update |
|---|---|
| Type | debian |
| Published | 2025-04-23T20:28:13 |
| Last Seen | 2025-04-24T07:29:09 |
| CVSS Score | 6.8 (MEDIUM) |
CVSS v3 Details
| Attack Vector | NETWORK |
|---|---|
| Attack Complexity | HIGH |
| Privileges Required | NONE |
| User Interaction | NONE |
| Scope | CHANGED |
| Confidentiality Impact | NONE |
| Integrity Impact | NONE |
| Availability Impact | HIGH |
CVE Information
| CVE IDs | CVE-2025-32464 |
|---|---|
| CWE | |
| Bulletin Family | unix |
Description
-------------------------------------------------------------------------
Debian LTS Advisory DLA-4135-1 [email protected]
https://www.debian.org/lts/security/ Adrian Bunk
April 23, 2025 https://wiki.debian.org/LTS
-------------------------------------------------------------------------
Package : haproxy
Version : 2.2.9-2+deb11u7
CVE ID : CVE-2025-32464
Debian Bug : 1102673

A heap buffer overflow in sample_conv_regsub() has been fixed in the
load balancing reverse proxy HAProxy.

For Debian 11 bullseye, this problem has been fixed in version
2.2.9-2+deb11u7.

We recommend that you upgrade your haproxy packages.

For the detailed security status of haproxy please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/haproxy

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

Impact Assessment
| Base Score | 6.8 |
|---|---|
| Severity | MEDIUM |