VulnerableCode Vulnerability Details

Search for vulnerabilities

Vulnerability details: VCID-kcam-7y4u-vyg2

Essentials
Severities (17)
References (11)
Severity details (4)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-kcam-7y4u-vyg2
Aliases	CVE-2025-32464
Summary	HAProxy 2.2 through 3.1.6, in certain uncommon configurations, has a sample_conv_regsub heap-based buffer overflow because of mishandling of the replacement of multiple short patterns with a longer one.
Status	Published
Exploitability	0.5
Weighted Severity	6.1
Risk	3.0
Affected and Fixed Packages	Package Details

Weaknesses (1)

CWE-1025

Comparison Using Wrong Factors

System	Score	Found at
cvssv3	6.8	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-32464.json
epss	0.0055	https://api.first.org/data/v1/epss?cve=CVE-2025-32464
epss	0.0055	https://api.first.org/data/v1/epss?cve=CVE-2025-32464
epss	0.0055	https://api.first.org/data/v1/epss?cve=CVE-2025-32464
epss	0.0055	https://api.first.org/data/v1/epss?cve=CVE-2025-32464
epss	0.0055	https://api.first.org/data/v1/epss?cve=CVE-2025-32464
epss	0.0055	https://api.first.org/data/v1/epss?cve=CVE-2025-32464
epss	0.0055	https://api.first.org/data/v1/epss?cve=CVE-2025-32464
epss	0.0055	https://api.first.org/data/v1/epss?cve=CVE-2025-32464
epss	0.0055	https://api.first.org/data/v1/epss?cve=CVE-2025-32464
epss	0.0055	https://api.first.org/data/v1/epss?cve=CVE-2025-32464
epss	0.0055	https://api.first.org/data/v1/epss?cve=CVE-2025-32464
epss	0.0055	https://api.first.org/data/v1/epss?cve=CVE-2025-32464
epss	0.0055	https://api.first.org/data/v1/epss?cve=CVE-2025-32464
cvssv3.1	6.8	https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1	6.8	https://github.com/haproxy/haproxy/commit/3e3b9eebf871510aee36c3a3336faac2f38c9559
ssvc	Track	https://github.com/haproxy/haproxy/commit/3e3b9eebf871510aee36c3a3336faac2f38c9559

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-32464.json
		https://api.first.org/data/v1/epss?cve=CVE-2025-32464
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32464
		https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
		https://github.com/haproxy/haproxy/commit/3e3b9eebf871510aee36c3a3336faac2f38c9559
		https://lists.debian.org/debian-lts-announce/2025/04/msg00031.html
1102673		https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1102673
2358543		https://bugzilla.redhat.com/show_bug.cgi?id=2358543
CVE-2025-32464		https://nvd.nist.gov/vuln/detail/CVE-2025-32464
USN-7431-1		https://usn.ubuntu.com/7431-1/
USN-7431-2		https://usn.ubuntu.com/7431-2/

No exploits are available.

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-32464.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H Found at https://github.com/haproxy/haproxy/commit/3e3b9eebf871510aee36c3a3336faac2f38c9559

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-09T19:23:34Z/ Found at https://github.com/haproxy/haproxy/commit/3e3b9eebf871510aee36c3a3336faac2f38c9559

Exploit Prediction Scoring System (EPSS)

Percentile	0.66942
EPSS Score	0.0055
Published At	June 30, 2025, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2025-07-01T12:21:43.655223+00:00	Ubuntu USN Importer	Import	https://usn.ubuntu.com/7431-1/	36.1.3