Is haproxy impacted by CVE-2022-37434?

tomaszc · November 24, 2022, 11:46am

I try to find out if haproxy and keepalived are or can be affected by CVE-2022-37434

I’ve tried to grep source code of both applications to find method inflateGetHeader which is the cause of the problem. Didn’t find anything

lukastribus · November 24, 2022, 2:02pm

No, haproxy does not call inflateGetHeader so it isn’t affected even if linked against a vulnerable zlib version.

Topic		Replies	Views
HAProxy 1.8.18/19 occasional crashes with multi-threading enabled Help!	5	1216	March 8, 2019
HAProxy v1.9.2 crash during reload (or shortly thereafter) Help!	11	1187	February 7, 2019
Upgrading Haproxy 1.5.18 to 1.7.x or 1.8.x Help!	5	6262	January 29, 2018
Haproxy process getting killed Help!	4	487	December 31, 2021
Upgrading HAProxy 1.4 to 1.5+ for SSL termination? Help!	2	581	May 2, 2019