HAProxy 3.4.0 Null Pointer Deref in hpack_dht_insert() DoS
CVE-2026-55204 Published on June 18, 2026
HAProxy - NULL Pointer Dereference in hpack_dht_insert Function
HAProxy through 3.4.0, fixed in commit 9a6d1fe, contains a null pointer dereference vulnerability in hpack_dht_insert() within src/hpack-tbl.c that fails to validate the return value of hpack_dht_defrag() when the memory pool is exhausted. An attacker can trigger HPACK dynamic table insertions under memory pressure to dereference a NULL pointer and crash HAProxy worker processes, causing denial of service.
Vulnerability Analysis
CVE-2026-55204 is exploitable with network access and does not require authorization privileges or user interaction. This vulnerability is considered to have a low attack complexity. An exploit of this vulnerability is considered to have no impact on confidentiality and integrity, and a high impact on availability.
Weakness Type
NULL Pointer Dereference
A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid but that is NULL, typically causing a crash or exit. NULL pointer dereference issues can occur through a number of flaws, including race conditions and simple programming omissions.
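The pattern described above, an allocation-backed defragmentation step whose result is used without a NULL check, is shown here as an added example next to its hardened form. This is a toy model and not HAProxy source code: `struct tbl`, `pool_get`, `tbl_defrag`, `append`, `insert_unchecked`, `insert_checked` and the pool budget are all hypothetical names and values constructed for illustration.

```c
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* Toy model with hypothetical names; NOT HAProxy source code. */
struct tbl { size_t used; char data[32]; };
static int pool_slots = 2;                 /* constructed pool budget */

struct tbl *pool_get(void)
{
    struct tbl *t = pool_slots > 0 ? calloc(1, sizeof(*t)) : NULL;
    if (t)
        pool_slots--;
    return t;                              /* NULL when the pool is exhausted */
}

/* Moves the table into a fresh buffer; returns NULL (old table kept) on failure. */
struct tbl *tbl_defrag(struct tbl *old)
{
    struct tbl *n = pool_get();
    if (!n)
        return NULL;
    memcpy(n, old, sizeof(*n));
    free(old);
    pool_slots++;
    return n;
}

int append(struct tbl *t, const char *s, size_t len)
{
    if (len > sizeof(t->data) - t->used)   /* reads t->used: t must not be NULL */
        return -1;
    memcpy(t->data + t->used, s, len);
    t->used += len;
    return 0;
}

/* Unsafe pattern: the defrag result is used without a NULL check. */
int insert_unchecked(struct tbl **tp, const char *s, size_t len)
{
    *tp = tbl_defrag(*tp);                 /* NULL once the pool is exhausted */
    return append(*tp, s, len);            /* ...and dereferenced here */
}

/* Hardened pattern: fail the insert and keep the old table intact. */
int insert_checked(struct tbl **tp, const char *s, size_t len)
{
    struct tbl *t = tbl_defrag(*tp);
    if (!t)
        return -1;
    *tp = t;
    return append(t, s, len);
}
```

With the check in place, pool exhaustion becomes an error return that the caller can handle, and the existing table stays valid instead of the process crashing.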
Products Associated with CVE-2026-55204
Affected Versions
haproxy:
- Before and including 3.4.0 is affected.
- Version 9a6d1fe3f00d86ab4ea6ea6ea0a5d48fc058a513 is unaffected.