CVE-2026-55204

Summary

HAProxy through 3.4.0, fixed in commit 9a6d1fe, contains a null pointer dereference vulnerability in hpack_dht_insert() within src/hpack-tbl.c that fails to validate the return value of hpack_dht_defrag() when the memory pool is exhausted. An attacker can trigger HPACK dynamic table insertions under memory pressure to dereference a NULL pointer and crash HAProxy worker processes, causing denial of service.

Affected Software

VendorProductVersion RangeStatus
haproxyhaproxy0 <= 3.4.0affected
haproxyhaproxy9a6d1fe3f00d86ab4ea6ea6ea0a5d48fc058a513unaffected

Weaknesses

  • CWE-476: NULL Pointer Dereference

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References