Vulnerability Reporthaproxy:3.4

haproxy:latesthaproxy:trixiehaproxy:lts-trixiehaproxy:ltshaproxy:3.4.0-trixiehaproxy:3.4.0haproxy:3.4-trixiehaproxy:3.4

DIGESTsha256:e4c603e1d60dc15015b188a6a3e8bd3b66cda49becc0442fe7870617b8f9747d

Executive Summary

Threat ScoreCAUTION• Official Docker image pinned by digest, but contains 44 exposed vulnerabilities, 4 of which are high-severity (CVSS >= 7.0).• Two high-severity glibc CVEs (CVE-2018-20796, CVE-2019-9192) enable remote denial of service via crafted regex input, affecting HAProxy's pattern matching.• Highest CVSS score is 7.5; no post-exploit vulnerabilities exist.• Trusted publisher and immutable digest reduce supply chain risk, but the image requires remediation of the glibc vulnerabilities.• No special configuration is needed to exploit these CVEs, so they apply to default deployments.

74/100CAUTION

ReputationOFFICIAL• Official Docker Hub Image• Pinned by digest (Immutable)

TRUSTED

This image carries significant risk; production deployment is highly discouraged without strict compensating controls. An attacker could trigger a denial of service by sending a specially crafted request pattern to HAProxy, exploiting uncontrolled recursion in glibc's regex engine (CVE-2018-20796 and CVE-2019-9192). Upgrading the base image to a version with patched glibc would fully eliminate these vulnerabilities. Despite being an official image pinned by digest, the presence of remotely exploitable DoS CVEs demands remediation before production use.

Vulnerabilities

Vulnerability Log

110 total

CVE ID	Adjusted Severity	Package	Exploit Probability	Risk Context
CVE-2018-20796	HIGH7.5	libc-bin 2.41-12+deb13u3 No fix yet	5.8% Low-Moderate Risk	Directly ExposedContext importance: HIGH
CVE-2019-9192	HIGH7.5	libc-bin 2.41-12+deb13u3 No fix yet	2.4% Low-Moderate Risk	Directly ExposedContext importance: HIGH
CVE-2018-20796	HIGH7.5	libc6 2.41-12+deb13u3 No fix yet	5.8% Low-Moderate Risk	Directly ExposedContext importance: HIGH
CVE-2019-9192	HIGH7.5	libc6 2.41-12+deb13u3 No fix yet	2.4% Low-Moderate Risk	Directly ExposedContext importance: HIGH
CVE-2025-14104	MEDIUM5.18	libblkid1 2.41-5 No fix yet	0.2% Theoretical Threat	Directly Exposed
CVE-2025-14104	MEDIUM5.18	liblastlog2-2 2.41-5 No fix yet	0.2% Theoretical Threat	Directly Exposed
CVE-2025-14104	MEDIUM5.18	libmount1 2.41-5 No fix yet	0.2% Theoretical Threat	Directly Exposed
CVE-2025-14104	MEDIUM5.18	libsmartcols1 2.41-5 No fix yet	0.2% Theoretical Threat	Directly Exposed
CVE-2025-14104	MEDIUM5.18	libuuid1 2.41-5 No fix yet	0.2% Theoretical Threat	Directly Exposed
CVE-2022-0563	MEDIUM4.67	libblkid1 2.41-5 No fix yet	0.4% Theoretical Threat	Directly Exposed
CVE-2022-0563	MEDIUM4.67	liblastlog2-2 2.41-5 No fix yet	0.4% Theoretical Threat	Directly Exposed
CVE-2022-0563	MEDIUM4.67	libmount1 2.41-5 No fix yet	0.4% Theoretical Threat	Directly Exposed
CVE-2022-0563	MEDIUM4.67	libsmartcols1 2.41-5 No fix yet	0.4% Theoretical Threat	Directly Exposed
CVE-2022-0563	MEDIUM4.67	libuuid1 2.41-5 No fix yet	0.4% Theoretical Threat	Directly Exposed
CVE-2026-27171	MEDIUM4.67	zlib1g 1:1.3.dfsg+really1.3.1-1+b1 No fix yet	0.2% Theoretical Threat	Directly Exposed
CVE-2026-3184	MEDIUM4.5	libblkid1 2.41-5 No fix yet	0.4% Theoretical Threat	Directly Exposed
CVE-2026-3184	MEDIUM4.5	liblastlog2-2 2.41-5 No fix yet	0.4% Theoretical Threat	Directly Exposed
CVE-2026-34743	MEDIUM4.5	liblzma5 5.8.1-1 No fix yet	0.4% Theoretical Threat	Directly Exposed
CVE-2026-3184	MEDIUM4.5	libmount1 2.41-5 No fix yet	0.4% Theoretical Threat	Directly Exposed
CVE-2026-3184	MEDIUM4.5	libsmartcols1 2.41-5 No fix yet	0.4% Theoretical Threat	Directly Exposed
CVE-2023-31439	MEDIUM4.5	libsystemd0 257.13-1~deb13u1 No fix yet	0.4% Theoretical Threat	Directly Exposed
CVE-2023-31439	MEDIUM4.5	libudev1 257.13-1~deb13u1 No fix yet	0.4% Theoretical Threat	Directly Exposed
CVE-2026-3184	MEDIUM4.5	libuuid1 2.41-5 No fix yet	0.4% Theoretical Threat	Directly Exposed
CVE-2021-45346	MEDIUM4.3	libsqlite3-0 3.46.1-7+deb13u1 No fix yet	1.6% Low-Moderate Risk	Directly Exposed
CVE-2026-42250	MEDIUM4.25	libbz2-1.0 1.0.8-6 No fix yet	0.1% Theoretical Threat	Directly Exposed
CVE-2026-5450	MEDIUM4.25	libc-bin 2.41-12+deb13u3 No fix yet	0.5% Theoretical Threat	Directly Exposed
CVE-2026-5928	MEDIUM4.25	libc-bin 2.41-12+deb13u3 No fix yet	0.3% Theoretical Threat	Directly Exposed
CVE-2026-5450	MEDIUM4.25	libc6 2.41-12+deb13u3 No fix yet	0.5% Theoretical Threat	Directly Exposed
CVE-2026-5928	MEDIUM4.25	libc6 2.41-12+deb13u3 No fix yet	0.3% Theoretical Threat	Directly Exposed
CVE-2026-27456	MEDIUM4	libblkid1 2.41-5 No fix yet	0.1% Theoretical Threat	Directly Exposed
CVE-2026-27456	MEDIUM4	liblastlog2-2 2.41-5 No fix yet	0.1% Theoretical Threat	Directly Exposed
CVE-2026-27456	MEDIUM4	libmount1 2.41-5 No fix yet	0.1% Theoretical Threat	Directly Exposed
CVE-2026-27456	MEDIUM4	libsmartcols1 2.41-5 No fix yet	0.1% Theoretical Threat	Directly Exposed
CVE-2026-27456	MEDIUM4	libuuid1 2.41-5 No fix yet	0.1% Theoretical Threat	Directly Exposed
CVE-2010-4756	MEDIUM4	libc-bin 2.41-12+deb13u3 No fix yet	2.6% Low-Moderate Risk	Directly Exposed
CVE-2010-4756	MEDIUM4	libc6 2.41-12+deb13u3 No fix yet	2.6% Low-Moderate Risk	Directly Exposed
CVE-2026-48962	LOW3.98	perl-base 5.40.1-6 No fix yet	0.3% Theoretical Threat	Post-Exploit
CVE-2011-3374	LOW3.7	libapt-pkg7.0 3.0.3 No fix yet	1.2% Low-Moderate Risk	Directly Exposed
CVE-2005-2541	LOW3.6	tar 1.35+dfsg-3.1 No fix yet	4.0% Low-Moderate Risk	Post-Exploit
CVE-2019-1010022	LOW3.53	libc-bin 2.41-12+deb13u3 No fix yet	3.2% Low-Moderate Risk	Post-Exploit
CVE-2019-1010022	LOW3.53	libc6 2.41-12+deb13u3 No fix yet	3.2% Low-Moderate Risk	Post-Exploit
CVE-2019-1010023	LOW3.17	libc-bin 2.41-12+deb13u3 No fix yet	3.1% Low-Moderate Risk	Post-Exploit
CVE-2019-1010023	LOW3.17	libc6 2.41-12+deb13u3 No fix yet	3.1% Low-Moderate Risk	Post-Exploit
CVE-2025-14104	LOW3.11	bsdutils 1:2.41-5 No fix yet	0.2% Theoretical Threat	Post-Exploit
CVE-2025-14104	LOW3.11	login 1:4.16.0-2+really2.41-5 No fix yet	0.2% Theoretical Threat	Post-Exploit
CVE-2025-14104	LOW3.11	mount 2.41-5 No fix yet	0.2% Theoretical Threat	Post-Exploit
CVE-2025-14104	LOW3.11	util-linux 2.41-5 No fix yet	0.2% Theoretical Threat	Post-Exploit
CVE-2026-8376	LOW3	perl-base 5.40.1-6 No fix yet	0.5% Theoretical Threat	Post-Exploit
CVE-2022-0563	LOW2.8	bsdutils 1:2.41-5 No fix yet	0.4% Theoretical Threat	Post-Exploit
CVE-2022-0563	LOW2.8	login 1:4.16.0-2+really2.41-5 No fix yet	0.4% Theoretical Threat	Post-Exploit
CVE-2022-0563	LOW2.8	mount 2.41-5 No fix yet	0.4% Theoretical Threat	Post-Exploit
CVE-2026-5704	LOW2.8	tar 1.35+dfsg-3.1 No fix yet	0.4% Theoretical Threat	Post-Exploit
CVE-2022-0563	LOW2.8	util-linux 2.41-5 No fix yet	0.4% Theoretical Threat	Post-Exploit
CVE-2025-70873	LOW2.8	libsqlite3-0 3.46.1-7+deb13u1 No fix yet	0.3% Theoretical Threat	Directly Exposed
CVE-2013-4392	LOW2.8	libsystemd0 257.13-1~deb13u1 No fix yet	0.5% Theoretical Threat	Directly Exposed
CVE-2026-40228	LOW2.8	libsystemd0 257.13-1~deb13u1 No fix yet	0.2% Theoretical Threat	Directly Exposed
CVE-2013-4392	LOW2.8	libudev1 257.13-1~deb13u1 No fix yet	0.5% Theoretical Threat	Directly Exposed
CVE-2026-40228	LOW2.8	libudev1 257.13-1~deb13u1 No fix yet	0.2% Theoretical Threat	Directly Exposed
CVE-2026-42496	LOW2.78	perl-base 5.40.1-6 No fix yet	0.5% Theoretical Threat	Post-Exploit
CVE-2026-3184	LOW2.7	bsdutils 1:2.41-5 No fix yet	0.4% Theoretical Threat	Post-Exploit
CVE-2026-3184	LOW2.7	login 1:4.16.0-2+really2.41-5 No fix yet	0.4% Theoretical Threat	Post-Exploit
CVE-2026-3184	LOW2.7	mount 2.41-5 No fix yet	0.4% Theoretical Threat	Post-Exploit
CVE-2026-3184	LOW2.7	util-linux 2.41-5 No fix yet	0.4% Theoretical Threat	Post-Exploit
CVE-2007-5686	LOW2.5	passwd 1:4.17.4-2 No fix yet	0.9% Theoretical Threat	Post-Exploit
CVE-2026-27456	LOW2.4	bsdutils 1:2.41-5 No fix yet	0.1% Theoretical Threat	Post-Exploit
CVE-2017-18018	LOW2.4	coreutils 9.7-3 No fix yet	0.3% Theoretical Threat	Post-Exploit
CVE-2026-27456	LOW2.4	login 1:4.16.0-2+really2.41-5 No fix yet	0.1% Theoretical Threat	Post-Exploit
CVE-2026-27456	LOW2.4	mount 2.41-5 No fix yet	0.1% Theoretical Threat	Post-Exploit
CVE-2026-27456	LOW2.4	util-linux 2.41-5 No fix yet	0.1% Theoretical Threat	Post-Exploit
CVE-2026-42497	LOW2.29	perl-base 5.40.1-6 No fix yet	0.4% Theoretical Threat	Post-Exploit
CVE-2026-9538	LOW2.29	perl-base 5.40.1-6 No fix yet	0.4% Theoretical Threat	Post-Exploit
CVE-2025-5278	LOW2.24	coreutils 9.7-3 No fix yet	0.2% Theoretical Threat	Post-Exploit
CVE-2011-3374	LOW2.22	apt 3.0.3 No fix yet	1.2% Low-Moderate Risk	Post-Exploit
CVE-2026-6238	LOW1.99	libc-bin 2.41-12+deb13u3 No fix yet	0.3% Theoretical Threat	Post-Exploit
CVE-2026-6238	LOW1.99	libc6 2.41-12+deb13u3 No fix yet	0.3% Theoretical Threat	Post-Exploit
CVE-2019-1010024	LOW1.91	libc-bin 2.41-12+deb13u3 No fix yet	3.2% Low-Moderate Risk	Post-Exploit
CVE-2019-1010025	LOW1.91	libc-bin 2.41-12+deb13u3 No fix yet	2.3% Low-Moderate Risk	Post-Exploit
CVE-2019-1010024	LOW1.91	libc6 2.41-12+deb13u3 No fix yet	3.2% Low-Moderate Risk	Post-Exploit
CVE-2019-1010025	LOW1.91	libc6 2.41-12+deb13u3 No fix yet	2.3% Low-Moderate Risk	Post-Exploit
CVE-2024-56433	LOW1.84	passwd 1:4.17.4-2 No fix yet	0.4% Theoretical Threat	Post-Exploit
CVE-2026-5435	LOW1.81	libc-bin 2.41-12+deb13u3 No fix yet	0.2% Theoretical Threat	Post-Exploit
CVE-2026-5435	LOW1.81	libc6 2.41-12+deb13u3 No fix yet	0.2% Theoretical Threat	Post-Exploit
CVE-2011-4116	LOW1.68	perl-base 5.40.1-6 No fix yet	0.5% Theoretical Threat	Post-Exploit
CVE-2023-31437	LOW1.62	libsystemd0 257.13-1~deb13u1 No fix yet	0.3% Theoretical Threat	Post-Exploit
CVE-2023-31438	LOW1.62	libsystemd0 257.13-1~deb13u1 No fix yet	0.3% Theoretical Threat	Post-Exploit
CVE-2023-31437	LOW1.62	libudev1 257.13-1~deb13u1 No fix yet	0.3% Theoretical Threat	Post-Exploit
CVE-2023-31438	LOW1.62	libudev1 257.13-1~deb13u1 No fix yet	0.3% Theoretical Threat	Post-Exploit
CVE-2025-69720	NONE0	libtinfo6 6.5+20250216-2 No fix yet	0.4% Theoretical Threat	Not Applicable
CVE-2025-69720	NONE0	ncurses-base 6.5+20250216-2 No fix yet	0.4% Theoretical Threat	Not Applicable
CVE-2025-69720	NONE0	ncurses-bin 6.5+20250216-2 No fix yet	0.4% Theoretical Threat	Not Applicable
CVE-2007-5686	NONE0	login.defs 1:4.17.4-2 No fix yet	0.9% Theoretical Threat	Not Applicable
CVE-2024-56433	NONE0	login.defs 1:4.17.4-2 No fix yet	0.4% Theoretical Threat	Not Applicable
CVE-2025-6141	NONE0	libtinfo6 6.5+20250216-2 No fix yet	0.2% Theoretical Threat	Not Applicable
CVE-2025-6141	NONE0	ncurses-base 6.5+20250216-2 No fix yet	0.2% Theoretical Threat	Not Applicable
CVE-2025-6141	NONE0	ncurses-bin 6.5+20250216-2 No fix yet	0.2% Theoretical Threat	Not Applicable
TEMP-0841856-B18BAF	NONE0	bash 5.2.37-2+b9 No fix yet	—	Not Applicable
CVE-2026-54411	NONE0	libpam-modules 1.7.0-5 No fix yet	0.3% Theoretical Threat	Not Applicable
CVE-2026-54411	NONE0	libpam-modules-bin 1.7.0-5 No fix yet	0.3% Theoretical Threat	Not Applicable
CVE-2026-54411	NONE0	libpam-runtime 1.7.0-5 No fix yet	0.3% Theoretical Threat	Not Applicable
CVE-2026-54411	NONE0	libpam0g 1.7.0-5 No fix yet	0.3% Theoretical Threat	Not Applicable
CVE-2026-11822	NONE0	libsqlite3-0 3.46.1-7+deb13u1 No fix yet	0.2% Theoretical Threat	Not Applicable
CVE-2026-11824	NONE0	libsqlite3-0 3.46.1-7+deb13u1 No fix yet	0.2% Theoretical Threat	Not Applicable
TEMP-0628843-DBAD28	NONE0	login.defs 1:4.17.4-2 No fix yet	—	Not Applicable
TEMP-0628843-DBAD28	NONE0	passwd 1:4.17.4-2 No fix yet	—	Not Applicable
CVE-2026-48959	NONE0	perl-base 5.40.1-6 No fix yet	0.4% Theoretical Threat	Not Applicable
CVE-2025-15649	NONE0	perl-base 5.40.1-6 No fix yet	0.1% Theoretical Threat	Not Applicable
CVE-2026-7010	NONE0	perl-base 5.40.1-6 No fix yet	0.2% Theoretical Threat	Not Applicable
CVE-2026-48961	NONE0	perl-base 5.40.1-6 No fix yet	0.3% Theoretical Threat	Not Applicable
TEMP-0517018-A83CE6	NONE0	sysvinit-utils 3.14-4 No fix yet	—	Not Applicable
TEMP-0290435-0B57B5	NONE0	tar 1.35+dfsg-3.1 No fix yet	—	Not Applicable