{}

{}

{}

{"bugzilla": {"description": "haproxy: denial of service vulnerability in HAProxy mjson library", "id": "2413003", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2413003"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.5", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-407", "details": ["A flaw was found in haproxy. A stemming from an inefficient algorithmic complexity issue within its bundled mjson parsing library. This vulnerability is triggered when haproxy is configured to analyze JSON content, such as with the json_query or jwt_payload_query function"], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2025-11230", "package_state": [{"cpe": "cpe:/a:redhat:ceph_storage:5", "fix_state": "Affected", "package_name": "haproxy", "product_name": "Red Hat Ceph Storage 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Affected", "package_name": "haproxy", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Affected", "package_name": "haproxy", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "haproxy", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "haproxy", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Affected", "package_name": "haproxy", "product_name": "Red Hat OpenShift Container Platform 4"}], "public_date": "2025-10-03T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-11230\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-11230"], "threat_severity": "Important"}

{}