Advisories ยป MGASA-2026-0250

Updated haproxy packages fix security vulnerability

Publication date: 14 Jul 2026
Modification date: 14 Jul 2026
Type: security
Affected Mageia releases : 10 , 9
CVE: CVE-2026-55203 , CVE-2026-55204

Description

HAProxy through 3.4.0, fixed in commit 5985276, contains an integer overflow
vulnerability in the fcgi_conn structure's drl field that allows buffer
misparse as new FCGI record headers. When contentLength is 65535 and
paddingLength is 1 or more, the drl field wraps to 0, causing incorrect
record consumption and allowing malicious FastCGI backends to desynchronize
the FCGI framing parser, potentially causing request routing errors, response
smuggling, or memory safety issues.
(CVE-2026-55203)
HAProxy through 3.4.0, fixed in commit 9a6d1fe, contains a null pointer
dereference vulnerability in hpack_dht_insert() within src/hpack-tbl.c that
fails to validate the return value of hpack_dht_defrag() when the memory pool
is exhausted. An attacker can trigger HPACK dynamic table insertions under
memory pressure to dereference a NULL pointer and crash HAProxy worker
processes, causing denial of service.
(CVE-2026-55204)
                

References

SRPMS

10/core

9/core