CVE-2022-0711

A flaw was found in the way HAProxy processed HTTP responses containing the "Set-Cookie2" header. This flaw could allow an attacker to send crafted HTTP response packets which lead to an infinite loop, eventually resulting in a denial of service condition. The highest threat from this vulnerability is availability.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:haproxy:haproxy:*:*:*:*:*:*:*:*
cpe:2.3:a:haproxy:haproxy:*:*:*:*:*:*:*:*
cpe:2.3:a:haproxy:haproxy:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:a:redhat:openshift_container_platform:4.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:software_collections:-:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*

Configuration 3 (hide)

cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*

History

07 Nov 2023, 03:41

Type Values Removed Values Added
References
  • {'url': 'https://www.mail-archive.com/haproxy@formilux.org/msg41833.html', 'name': 'https://www.mail-archive.com/haproxy@formilux.org/msg41833.html', 'tags': ['Mailing List', 'Third Party Advisory'], 'refsource': 'MISC'}
  • () https://www.mail-archive.com/haproxy%40formilux.org/msg41833.html -

Information

Published : 2022-03-02 22:15

Updated : 2024-02-28 19:09


NVD link : CVE-2022-0711

Mitre link : CVE-2022-0711

CVE.ORG link : CVE-2022-0711


JSON object : View

Products Affected

redhat

  • software_collections
  • openshift_container_platform
  • enterprise_linux

haproxy

  • haproxy

debian

  • debian_linux
CWE
CWE-835

Loop with Unreachable Exit Condition ('Infinite Loop')