Is haproxy impacted by CVE-2022-37434?

I try to find out if haproxy and keepalived are or can be affected by CVE-2022-37434

I’ve tried to grep source code of both applications to find method inflateGetHeader which is the cause of the problem. Didn’t find anything

No, haproxy does not call inflateGetHeader so it isn’t affected even if linked against a vulnerable zlib version.

1 Like