{"containers":{"cna":{"affected":[{"product":"n/a","vendor":"n/a","versions":[{"status":"affected","version":"n/a"}]}],"datePublic":"2015-07-05T00:00:00.000Z","descriptions":[{"lang":"en","value":"The buffer_slow_realign function in HAProxy 1.5.x before 1.5.14 and 1.6-dev does not properly realign a buffer that is used for pending outgoing data, which allows remote attackers to obtain sensitive information (uninitialized memory contents of previous requests) via a crafted request."}],"problemTypes":[{"descriptions":[{"description":"n/a","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2016-12-23T18:57:01.000Z","orgId":"53f830b8-0a3f-465b-8143-3b8a9948e749","shortName":"redhat"},"references":[{"name":"RHSA-2015:1741","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"http://rhn.redhat.com/errata/RHSA-2015-1741.html"},{"name":"openSUSE-SU-2015:1831","tags":["vendor-advisory","x_refsource_SUSE"],"url":"http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00023.html"},{"tags":["x_refsource_CONFIRM"],"url":"http://www.haproxy.org/news.html"},{"name":"RHSA-2015:2666","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"http://rhn.redhat.com/errata/RHSA-2015-2666.html"},{"name":"USN-2668-1","tags":["vendor-advisory","x_refsource_UBUNTU"],"url":"http://www.ubuntu.com/usn/USN-2668-1"},{"name":"SUSE-SU-2015:1663","tags":["vendor-advisory","x_refsource_SUSE"],"url":"http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00001.html"},{"tags":["x_refsource_CONFIRM"],"url":"http://git.haproxy.org/?p=haproxy-1.5.git%3Ba=commit%3Bh=7ec765568883b2d4e5a2796adbeb492a22ec9bd4"},{"name":"DSA-3301","tags":["vendor-advisory","x_refsource_DEBIAN"],"url":"http://www.debian.org/security/2015/dsa-3301"},{"name":"75554","tags":["vdb-entry","x_refsource_BID"],"url":"http://www.securityfocus.com/bid/75554"}]},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-06T05:39:32.116Z"},"title":"CVE Program Container","references":[{"name":"RHSA-2015:1741","tags":["vendor-advisory","x_refsource_REDHAT","x_transferred"],"url":"http://rhn.redhat.com/errata/RHSA-2015-1741.html"},{"name":"openSUSE-SU-2015:1831","tags":["vendor-advisory","x_refsource_SUSE","x_transferred"],"url":"http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00023.html"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"http://www.haproxy.org/news.html"},{"name":"RHSA-2015:2666","tags":["vendor-advisory","x_refsource_REDHAT","x_transferred"],"url":"http://rhn.redhat.com/errata/RHSA-2015-2666.html"},{"name":"USN-2668-1","tags":["vendor-advisory","x_refsource_UBUNTU","x_transferred"],"url":"http://www.ubuntu.com/usn/USN-2668-1"},{"name":"SUSE-SU-2015:1663","tags":["vendor-advisory","x_refsource_SUSE","x_transferred"],"url":"http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00001.html"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"http://git.haproxy.org/?p=haproxy-1.5.git%3Ba=commit%3Bh=7ec765568883b2d4e5a2796adbeb492a22ec9bd4"},{"name":"DSA-3301","tags":["vendor-advisory","x_refsource_DEBIAN","x_transferred"],"url":"http://www.debian.org/security/2015/dsa-3301"},{"name":"75554","tags":["vdb-entry","x_refsource_BID","x_transferred"],"url":"http://www.securityfocus.com/bid/75554"}]}]},"cveMetadata":{"assignerOrgId":"53f830b8-0a3f-465b-8143-3b8a9948e749","assignerShortName":"redhat","cveId":"CVE-2015-3281","datePublished":"2015-07-06T14:55:00.000Z","dateReserved":"2015-04-10T00:00:00.000Z","dateUpdated":"2024-08-06T05:39:32.116Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"}