CVE-2015-3281 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2015-3281 Interim 1 37 2025-11-05T04:51:01Z current 2021-05-30T13:29:48Z 2025-11-05T04:51:01Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2015-3281 The buffer_slow_realign function in HAProxy 1.5.x before 1.5.14 and 1.6-dev does not properly realign a buffer that is used for pending outgoing data, which allows remote attackers to obtain sensitive information (uninitialized memory contents of previous requests) via a crafted request. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.suse.com/pipermail/sle-security-updates/2015-October/001607.html E-Mail link for SUSE-SU-2015:1663-1 https://lists.suse.com/pipermail/sle-security-updates/2015-October/001635.html E-Mail link for SUSE-SU-2015:1776-1 https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/2ITSYHWMLEAVHDD6LY643QDCD4QIDHKE/#2ITSYHWMLEAVHDD6LY643QDCD4QIDHKE E-Mail link for openSUSE-SU-2015:1831-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE Cloud Compute Node for SUSE Linux Enterprise 12 5 SUSE Liberty Linux 7 SUSE Linux Enterprise High Availability Extension 12 SUSE Linux Enterprise Micro 5.3 SUSE Linux Enterprise Micro 5.4 SUSE Linux Enterprise Micro 5.5 SUSE Linux Enterprise Server for SAP Applications 12 SP1 SUSE Linux Enterprise Server for SAP Applications 12 SP5 SUSE Linux Micro 6.0 SUSE Linux Micro 6.1 SUSE OpenStack Cloud 5 SUSE OpenStack Cloud 6 openSUSE Tumbleweed haproxy haproxy-1.5.14-1.4 haproxy-1.5.4-12.1 haproxy-1.5.4-2.4.1 haproxy-1.5.4-4.el7_1.1 haproxy-1.6.11-10.2 haproxy-1.7.0-1.1 haproxy-2.4.22+git0.f8e3218e2-150400.3.16.1 haproxy-2.4.8+git0.d1f8d41e0-150400.3.10.1 haproxy-2.4.8+git0.d1f8d41e0-150400.3.3.13 haproxy-2.8.3+git0.86e043add-1.7 haproxy-2.8.3+git0.86e043add-slfo.1.1_1.2 haproxy-1.5.4-2.4.1 as a component of SUSE Cloud Compute Node for SUSE Linux Enterprise 12 5 haproxy-1.5.4-4.el7_1.1 as a component of SUSE Liberty Linux 7 haproxy-1.5.4-2.4.1 as a component of SUSE Linux Enterprise High Availability Extension 12 haproxy-2.4.8+git0.d1f8d41e0-150400.3.3.13 as a component of SUSE Linux Enterprise Micro 5.3 haproxy-2.4.8+git0.d1f8d41e0-150400.3.10.1 as a component of SUSE Linux Enterprise Micro 5.4 haproxy-2.4.22+git0.f8e3218e2-150400.3.16.1 as a component of SUSE Linux Enterprise Micro 5.5 haproxy-1.6.11-10.2 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP5 haproxy-2.8.3+git0.86e043add-1.7 as a component of SUSE Linux Micro 6.0 haproxy-2.8.3+git0.86e043add-slfo.1.1_1.2 as a component of SUSE Linux Micro 6.1 haproxy-1.5.4-12.1 as a component of SUSE OpenStack Cloud 5 haproxy-1.5.14-1.4 as a component of SUSE OpenStack Cloud 6 haproxy-1.7.0-1.1 as a component of openSUSE Tumbleweed haproxy as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP1 The buffer_slow_realign function in HAProxy 1.5.x before 1.5.14 and 1.6-dev does not properly realign a buffer that is used for pending outgoing data, which allows remote attackers to obtain sensitive information (uninitialized memory contents of previous requests) via a crafted request. CVE-2015-3281 SUSE Cloud Compute Node for SUSE Linux Enterprise 12 5:haproxy-1.5.4-2.4.1 SUSE Liberty Linux 7:haproxy-1.5.4-4.el7_1.1 SUSE Linux Enterprise High Availability Extension 12:haproxy-1.5.4-2.4.1 SUSE Linux Enterprise Micro 5.3:haproxy-2.4.8+git0.d1f8d41e0-150400.3.3.13 SUSE Linux Enterprise Micro 5.4:haproxy-2.4.8+git0.d1f8d41e0-150400.3.10.1 SUSE Linux Enterprise Micro 5.5:haproxy-2.4.22+git0.f8e3218e2-150400.3.16.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:haproxy-1.6.11-10.2 SUSE Linux Micro 6.0:haproxy-2.8.3+git0.86e043add-1.7 SUSE Linux Micro 6.1:haproxy-2.8.3+git0.86e043add-slfo.1.1_1.2 SUSE OpenStack Cloud 5:haproxy-1.5.4-12.1 SUSE OpenStack Cloud 6:haproxy-1.5.14-1.4 openSUSE Tumbleweed:haproxy-1.7.0-1.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:haproxy moderate 5 AV:N/AC:L/Au:N/C:P/I:N/A:N