CVE-2025-32464

Published Apr 9, 2025

Last updated 2 months ago

CVSS medium 6.8

Overview

Description
HAProxy 2.2 through 3.1.6, in certain uncommon configurations, has a sample_conv_regsub heap-based buffer overflow because of mishandling of the replacement of multiple short patterns with a longer one.
Source
cve@mitre.org
NVD status
Awaiting Analysis

Risk scores

CVSS 3.1

Type
Secondary
Base score
6.8
Impact score
4
Exploitability score
2.2
Vector string
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H
Severity
MEDIUM

Weaknesses

cve@mitre.org
CWE-1025

Social media

Hype score
Not currently trending

  1. Codean Labs' @b0n0b0__ and @Doyensec's @drw0if discovered CVE-2025-32464, a heap-buffer overflow in HAProxy. Read our write-up here: https://t.co/kUoesl4xNl

    @CodeanIO

    13 May 2025

    31 Impressions

    5 Retweets

    5 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

References

Sources include official advisories and independent security research.