{"id":"USN-8459-1","summary":"haproxy vulnerabilities","details":"It was discovered that HAProxy incorrectly handled the FCGI demultiplexer\nrecord length field. A remote attacker could possibly use this issue to\ncause incorrect request routing, response smuggling, or other memory safety\nissues. (CVE-2026-55203)\n\nIt was discovered that HAProxy failed to validate the return value of the\nHPACK dynamic table defragmentation function when memory was exhausted. A\nremote attacker could possibly use this issue to cause HAProxy to crash,\nresulting in a denial of service. (CVE-2026-55204)","modified":"2026-06-29T13:51:19.486170986Z","published":"2026-06-22T13:55:06Z","related":["UBUNTU-CVE-2026-55203","UBUNTU-CVE-2026-55204"],"upstream":["UBUNTU-CVE-2026-55203","UBUNTU-CVE-2026-55204"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-8459-1"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2026-55203"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2026-55204"}],"affected":[{"package":{"name":"haproxy","ecosystem":"Ubuntu:22.04:LTS","purl":"pkg:deb/ubuntu/haproxy?arch=source&distro=jammy"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.4.30-0ubuntu0.22.04.2"}]}],"versions":["2.2.9-2ubuntu2","2.4.8-1","2.4.8-2ubuntu3","2.4.11-1ubuntu1","2.4.12-1ubuntu1","2.4.12-1ubuntu2","2.4.13-1ubuntu1","2.4.14-1ubuntu1","2.4.18-0ubuntu1","2.4.18-0ubuntu1.1","2.4.18-0ubuntu1.2","2.4.18-0ubuntu1.3","2.4.22-0ubuntu0.22.04.1","2.4.22-0ubuntu0.22.04.2","2.4.22-0ubuntu0.22.04.3","2.4.24-0ubuntu0.22.04.1","2.4.24-0ubuntu0.22.04.2","2.4.24-0ubuntu0.22.04.3","2.4.29-0ubuntu0.22.04.1","2.4.30-0ubuntu0.22.04.1"],"ecosystem_specific":{"availability":"No subscription required","binaries":[{"binary_name":"haproxy","binary_version":"2.4.30-0ubuntu0.22.04.2"},{"binary_name":"vim-haproxy","binary_version":"2.4.30-0ubuntu0.22.04.2"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-8459-1.json","cves_map":{"ecosystem":"Ubuntu:22.04:LTS","cves":[{"id":"CVE-2026-55203","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:H/A:N"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H"},{"type":"CVSS_V4","score":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:L/SI:H/SA:N"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2026-55204","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"type":"CVSS_V4","score":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"type":"Ubuntu","score":"medium"}]}]}}},{"package":{"name":"haproxy","ecosystem":"Ubuntu:24.04:LTS","purl":"pkg:deb/ubuntu/haproxy?arch=source&distro=noble"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.8.16-0ubuntu0.24.04.3"}]}],"versions":["2.6.15-1ubuntu2","2.8.5-1ubuntu1","2.8.5-1ubuntu2","2.8.5-1ubuntu3","2.8.5-1ubuntu3.1","2.8.5-1ubuntu3.2","2.8.5-1ubuntu3.3","2.8.5-1ubuntu3.4","2.8.15-0ubuntu0.24.04.1","2.8.16-0ubuntu0.24.04.1","2.8.16-0ubuntu0.24.04.2"],"ecosystem_specific":{"availability":"No subscription required","binaries":[{"binary_name":"haproxy","binary_version":"2.8.16-0ubuntu0.24.04.3"},{"binary_name":"vim-haproxy","binary_version":"2.8.16-0ubuntu0.24.04.3"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-8459-1.json","cves_map":{"cves":[{"id":"CVE-2026-55203","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:H/A:N"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H"},{"type":"CVSS_V4","score":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:L/SI:H/SA:N"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2026-55204","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"type":"CVSS_V4","score":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"type":"Ubuntu","score":"medium"}]}],"ecosystem":"Ubuntu:24.04:LTS"}}},{"package":{"name":"haproxy","ecosystem":"Ubuntu:25.10","purl":"pkg:deb/ubuntu/haproxy?arch=source&distro=questing"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.0.12-0ubuntu0.25.10.5"}]}],"versions":["3.0.8-1ubuntu1","3.0.8-1ubuntu1.1","3.0.10-1ubuntu1","3.0.10-1ubuntu2","3.0.10-1ubuntu3","3.0.12-0ubuntu0.25.10.1","3.0.12-0ubuntu0.25.10.3","3.0.12-0ubuntu0.25.10.4"],"ecosystem_specific":{"availability":"No subscription required","binaries":[{"binary_name":"haproxy","binary_version":"3.0.12-0ubuntu0.25.10.5"},{"binary_name":"vim-haproxy","binary_version":"3.0.12-0ubuntu0.25.10.5"}]},"database_specific":{"cves_map":{"ecosystem":"Ubuntu:25.10","cves":[{"id":"CVE-2026-55203","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:H/A:N"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H"},{"type":"CVSS_V4","score":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:L/SI:H/SA:N"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2026-55204","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"type":"CVSS_V4","score":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"type":"Ubuntu","score":"medium"}]}]},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-8459-1.json"}},{"package":{"name":"haproxy","ecosystem":"Ubuntu:26.04:LTS","purl":"pkg:deb/ubuntu/haproxy?arch=source&distro=resolute"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.2.9-1ubuntu2.2"}]}],"versions":["3.0.10-1ubuntu3","3.2.9-1ubuntu1","3.2.9-1ubuntu2","3.2.9-1ubuntu2.1"],"ecosystem_specific":{"availability":"No subscription required","binaries":[{"binary_name":"haproxy","binary_version":"3.2.9-1ubuntu2.2"},{"binary_name":"vim-haproxy","binary_version":"3.2.9-1ubuntu2.2"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-8459-1.json","cves_map":{"cves":[{"id":"CVE-2026-55203","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:H/A:N"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H"},{"type":"CVSS_V4","score":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:L/SI:H/SA:N"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2026-55204","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"type":"CVSS_V4","score":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"type":"Ubuntu","score":"medium"}]}],"ecosystem":"Ubuntu:26.04:LTS"}}}],"schema_version":"1.7.5"}