Explore top 10 tips to secure your open-source projects now. Read More
×
Description:
HAProxy through 3.4.0, fixed in commit 5985276, contains an integer overflow
vulnerability in the fcgi_conn structure's drl field that allows buffer
misparse as new FCGI record headers. When contentLength is 65535 and
paddingLength is 1 or more, the drl field wraps to 0, causing incorrect
record consumption and allowing malicious FastCGI backends to desynchronize
the FCGI framing parser, potentially causing request routing errors, response
smuggling, or memory safety issues.
(CVE-2026-55203)
HAProxy through 3.4.0, fixed in commit 9a6d1fe, contains a null pointer
dereference vulnerability in hpack_dht_insert() within src/hpack-tbl.c that
fails to validate the return value of hpack_dht_defrag() when the memory pool
is exhausted. An attacker can trigger HPACK dynamic table insertions under
memory pressure to dereference a NULL pointer and crash HAProxy worker
processes, causing denial of service.
(CVE-2026-55204)
- https://bugs.mageia.org/show_bug.cgi?id=35748
- https://www.cve.org/CVERecord?id=CVE-2026-55203
- https://www.cve.org/CVERecord?id=CVE-2026-55204
- 10/core/haproxy-3.4.2-1.2.mga10
- 9/core/haproxy-2.8.26-1.mga9
Publication date:14 Jul 2026
Get the latest Linux and open source security news straight to your inbox.