HAProxy 2.2-3.1.6 Heap Buffer Overflow in sample_conv_regsub
CVE-2025-32464 Published on April 9, 2025
HAProxy 2.2 through 3.1.6, in certain uncommon configurations, has a sample_conv_regsub heap-based buffer overflow because of mishandling of the replacement of multiple short patterns with a longer one.
Weakness Type
Comparison Using Wrong Factors
The code performs a comparison between two entities, but the comparison examines the wrong factors or characteristics of the entities, which can lead to incorrect results and resultant weaknesses. This can lead to incorrect results and resultant weaknesses. For example, the code might inadvertently compare references to objects, instead of the relevant contents of those objects, causing two "equal" objects to be considered unequal.
Products Associated with CVE-2025-32464
Want to know whenever a new CVE is published for HAProxy? stack.watch will email you.
Affected Versions
HAProxy:- Version 2.2, <= 3.1.6 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.