CVE-2025-32464

{"id": "CVE-2025-32464", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "cve@mitre.org", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.8, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 4.0, "exploitabilityScore": 2.2}]}, "published": "2025-04-09T03:15:16.847", "references": [{"url": "https://github.com/haproxy/haproxy/commit/3e3b9eebf871510aee36c3a3336faac2f38c9559", "source": "cve@mitre.org"}, {"url": "https://lists.debian.org/debian-lts-announce/2025/04/msg00031.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "cve@mitre.org", "description": [{"lang": "en", "value": "CWE-1025"}]}], "descriptions": [{"lang": "en", "value": "HAProxy 2.2 through 3.1.6, in certain uncommon configurations, has a sample_conv_regsub heap-based buffer overflow because of mishandling of the replacement of multiple short patterns with a longer one."}, {"lang": "es", "value": "HAProxy 2.2 a 3.1.6, en ciertas configuraciones poco comunes, tiene un desbordamiento de b\u00fafer basado en el mont\u00f3n sample_conv_regsub debido a la gesti\u00f3n incorrecta del reemplazo de m\u00faltiples patrones cortos por uno m\u00e1s largo."}], "lastModified": "2025-04-23T22:15:15.460", "sourceIdentifier": "cve@mitre.org"}