{"id":"CVE-2025-32464","details":"HAProxy 2.2 through 3.1.6, in certain uncommon configurations, has a sample_conv_regsub heap-based buffer overflow because of mishandling of the replacement of multiple short patterns with a longer one.","aliases":["BIT-haproxy-2025-32464"],"modified":"2026-04-16T04:40:27.503545698Z","published":"2025-04-09T03:15:16.847Z","related":["CGA-224q-ccj5-2p53","SUSE-SU-2025:1264-1","SUSE-SU-2025:1338-1","openSUSE-SU-2025:15200-1"],"references":[{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2025/04/msg00031.html"},{"type":"FIX","url":"https://github.com/haproxy/haproxy/commit/3e3b9eebf871510aee36c3a3336faac2f38c9559"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/haproxy/haproxy","events":[{"introduced":"3a00c915fd241fc398a080a11ccac9c5c46791ce"},{"last_affected":"599f043e74722fc54483b55d01b286d221c29710"},{"fixed":"3e3b9eebf871510aee36c3a3336faac2f38c9559"}],"database_specific":{"versions":[{"introduced":"2.2"},{"last_affected":"3.1.6"}]}}],"versions":["v2.2.0","v2.3-dev0","v2.3-dev1","v2.3-dev2","v2.3-dev3","v2.3-dev4","v2.3-dev5","v2.3-dev6","v2.3-dev7","v2.3-dev8","v2.3-dev9","v2.3.0","v2.4-dev0","v2.4-dev1","v2.4-dev10","v2.4-dev11","v2.4-dev12","v2.4-dev13","v2.4-dev14","v2.4-dev15","v2.4-dev16","v2.4-dev17","v2.4-dev18","v2.4-dev19","v2.4-dev2","v2.4-dev3","v2.4-dev4","v2.4-dev5","v2.4-dev6","v2.4-dev7","v2.4-dev8","v2.4-dev9","v2.4.0","v2.5-dev0","v2.5-dev1","v2.5-dev10","v2.5-dev11","v2.5-dev12","v2.5-dev13","v2.5-dev14","v2.5-dev15","v2.5-dev2","v2.5-dev3","v2.5-dev4","v2.5-dev5","v2.5-dev6","v2.5-dev7","v2.5-dev8","v2.5-dev9","v2.5.0","v2.6-dev0","v2.6-dev1","v2.6-dev10","v2.6-dev11","v2.6-dev12","v2.6-dev2","v2.6-dev3","v2.6-dev4","v2.6-dev5","v2.6-dev6","v2.6-dev7","v2.6-dev8","v2.6-dev9","v2.6.0","v2.7-dev0","v2.7-dev1","v2.7-dev10","v2.7-dev2","v2.7-dev3","v2.7-dev4","v2.7-dev5","v2.7-dev6","v2.7-dev7","v2.7-dev8","v2.7-dev9","v2.7.0","v2.8-dev0","v2.8-dev1","v2.8-dev10","v2.8-dev11","v2.8-dev12","v2.8-dev13","v2.8-dev2","v2.8-dev3","v2.8-dev4","v2.8-dev5","v2.8-dev6","v2.8-dev7","v2.8-dev8","v2.8-dev9","v2.8.0","v2.9-dev0","v2.9-dev1","v2.9-dev10","v2.9-dev11","v2.9-dev12","v2.9-dev2","v2.9-dev3","v2.9-dev4","v2.9-dev5","v2.9-dev6","v2.9-dev7","v2.9-dev8","v2.9-dev9","v2.9.0","v3.0-dev0","v3.0-dev1","v3.0-dev10","v3.0-dev11","v3.0-dev12","v3.0-dev13","v3.0-dev2","v3.0-dev3","v3.0-dev4","v3.0-dev5","v3.0-dev6","v3.0-dev7","v3.0-dev8","v3.0-dev9","v3.0.0","v3.1-dev0","v3.1-dev1","v3.1-dev10","v3.1-dev11","v3.1-dev12","v3.1-dev13","v3.1-dev14","v3.1-dev2","v3.1-dev3","v3.1-dev4","v3.1-dev5","v3.1-dev6","v3.1-dev7","v3.1-dev8","v3.1-dev9","v3.1.0","v3.2-dev0","v3.2-dev1","v3.2-dev2","v3.2-dev3","v3.2-dev4","v3.2-dev5","v3.2-dev6","v3.2-dev7","v3.2-dev8","v3.2-dev9"],"database_specific":{"vanir_signatures_modified":"2026-04-12T15:15:01Z","source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-32464.json","vanir_signatures":[{"signature_type":"Line","source":"https://github.com/haproxy/haproxy/commit/3e3b9eebf871510aee36c3a3336faac2f38c9559","signature_version":"v1","id":"CVE-2025-32464-c78e104a","deprecated":false,"target":{"file":"src/sample.c"},"digest":{"line_hashes":["44363929548633845708281771554896885601","240967002129204781698066168046627257709","235401145960306073107861320431440768315","310455282523349447692393506674566175291"],"threshold":0.9}}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H"}]}