CVE Catalog

CVE-2026-55204

HighCVSS 7.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.43%

35th percentile — higher than 35% of all known CVEs

Summary

HAProxy through version 3.4.0 contains a null pointer dereference vulnerability in the hpack_dht_insert() function in src/hpack-tbl.c. The flaw is due to missing validation of the return value from hpack_dht_defrag() when the memory pool is exhausted, which can crash HAProxy worker processes.

Risk Assessment

An attacker can trigger HPACK dynamic table insertions under memory pressure to dereference a NULL pointer and crash HAProxy worker processes, causing denial of service.

Recommendation

Immediately update HAProxy to a version containing the fix from commit 9a6d1fe or later. If updating is not possible, restrict access to interfaces using HPACK compression.

Original NVD description (English source)

HAProxy through 3.4.0, fixed in commit 9a6d1fe, contains a null pointer dereference vulnerability in hpack_dht_insert() within src/hpack-tbl.c that fails to validate the return value of hpack_dht_defrag() when the memory pool is exhausted. An attacker can trigger HPACK dynamic table insertions under memory pressure to dereference a NULL pointer and crash HAProxy worker processes, causing denial of service.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS