CVE-2025-32464

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2025-32464
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-32464.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2025-32464
Aliases
Downstream
Related
Published
2025-04-09T00:00:00Z
Modified
2026-05-18T05:59:27.188007637Z
Severity
  • 6.8 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

HAProxy 2.2 through 3.1.6, in certain uncommon configurations, has a sampleconvregsub heap-based buffer overflow because of mishandling of the replacement of multiple short patterns with a longer one.

Database specific 
{
    "cwe_ids": [
        "CWE-1025"
    ],
    "cna_assigner": "mitre",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/32xxx/CVE-2025-32464.json"
}
References

Affected packages

Git / github.com/haproxy/haproxy

Affected ranges

Type
GIT
Repo
https://github.com/haproxy/haproxy
Events
Introduced
3a00c915fd241fc398a080a11ccac9c5c46791ce
Fixed
3e3b9eebf871510aee36c3a3336faac2f38c9559

Affected versions

v2.*
v2.2.0
v2.3-dev0
v2.3-dev1
v2.3-dev2
v2.3-dev3
v2.3-dev4
v2.3-dev5
v2.3-dev6
v2.3-dev7
v2.3-dev8
v2.3-dev9
v2.3.0
v2.4-dev0
v2.4-dev1
v2.4-dev10
v2.4-dev11
v2.4-dev12
v2.4-dev13
v2.4-dev14
v2.4-dev15
v2.4-dev16
v2.4-dev17
v2.4-dev18
v2.4-dev19
v2.4-dev2
v2.4-dev3
v2.4-dev4
v2.4-dev5
v2.4-dev6
v2.4-dev7
v2.4-dev8
v2.4-dev9
v2.4.0
v2.5-dev0
v2.5-dev1
v2.5-dev10
v2.5-dev11
v2.5-dev12
v2.5-dev13
v2.5-dev14
v2.5-dev15
v2.5-dev2
v2.5-dev3
v2.5-dev4
v2.5-dev5
v2.5-dev6
v2.5-dev7
v2.5-dev8
v2.5-dev9
v2.5.0
v2.6-dev0
v2.6-dev1
v2.6-dev10
v2.6-dev11
v2.6-dev12
v2.6-dev2
v2.6-dev3
v2.6-dev4
v2.6-dev5
v2.6-dev6
v2.6-dev7
v2.6-dev8
v2.6-dev9
v2.6.0
v2.7-dev0
v2.7-dev1
v2.7-dev10
v2.7-dev2
v2.7-dev3
v2.7-dev4
v2.7-dev5
v2.7-dev6
v2.7-dev7
v2.7-dev8
v2.7-dev9
v2.7.0
v2.8-dev0
v2.8-dev1
v2.8-dev10
v2.8-dev11
v2.8-dev12
v2.8-dev13
v2.8-dev2
v2.8-dev3
v2.8-dev4
v2.8-dev5
v2.8-dev6
v2.8-dev7
v2.8-dev8
v2.8-dev9
v2.8.0
v2.9-dev0
v2.9-dev1
v2.9-dev10
v2.9-dev11
v2.9-dev12
v2.9-dev2
v2.9-dev3
v2.9-dev4
v2.9-dev5
v2.9-dev6
v2.9-dev7
v2.9-dev8
v2.9-dev9
v2.9.0
v3.*
v3.0-dev0
v3.0-dev1
v3.0-dev10
v3.0-dev11
v3.0-dev12
v3.0-dev13
v3.0-dev2
v3.0-dev3
v3.0-dev4
v3.0-dev5
v3.0-dev6
v3.0-dev7
v3.0-dev8
v3.0-dev9
v3.0.0
v3.1-dev0
v3.1-dev1
v3.1-dev10
v3.1-dev11
v3.1-dev12
v3.1-dev13
v3.1-dev14
v3.1-dev2
v3.1-dev3
v3.1-dev4
v3.1-dev5
v3.1-dev6
v3.1-dev7
v3.1-dev8
v3.1-dev9
v3.1.0
v3.2-dev0
v3.2-dev1
v3.2-dev2
v3.2-dev3
v3.2-dev4
v3.2-dev5
v3.2-dev6
v3.2-dev7
v3.2-dev8
v3.2-dev9

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-32464.json"