{"id":"BIT-haproxy-2025-32464","details":"HAProxy 2.2 through 3.1.6, in certain uncommon configurations, has a sample_conv_regsub heap-based buffer overflow because of mishandling of the replacement of multiple short patterns with a longer one.","aliases":["CVE-2025-32464"],"modified":"2025-07-02T06:33:01.619Z","published":"2025-04-11T19:12:38.400Z","database_specific":{"cpes":["cpe:2.3:a:haproxy:haproxy:*:*:*:*:*:*:*:*"],"severity":"Medium"},"references":[{"type":"WEB","url":"https://github.com/haproxy/haproxy/commit/3e3b9eebf871510aee36c3a3336faac2f38c9559"},{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-32464"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2025/04/msg00031.html"}],"affected":[{"package":{"name":"haproxy","ecosystem":"Bitnami","purl":"pkg:bitnami/haproxy"},"ranges":[{"type":"SEMVER","events":[{"introduced":"2.2.0"},{"fixed":"2.9.6"},{"introduced":"3.0.0"},{"fixed":"3.1.7"}]}],"database_specific":{"source":"https://github.com/bitnami/vulndb/tree/main/data/haproxy/BIT-haproxy-2025-32464.json"},"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H"}]}],"schema_version":"1.7.3"}