CVE-2024-45506

HAProxy 2.9.x before 2.9.10, 3.0.x before 3.0.4, and 3.1.x through 3.1-dev6 allows a remote denial of service for HTTP/2 zero-copy forwarding (h2_send loop) under a certain set of conditions, as exploited in the wild in 2024.
Configurations

Configuration 1

OR cpe:2.3:a:haproxy:haproxy:*:*:*:*:*:*:*:*
cpe:2.3:a:haproxy:haproxy:*:*:*:*:*:*:*:*
cpe:2.3:a:haproxy:haproxy:3.1:dev0:*:*:*:*:*:*
cpe:2.3:a:haproxy:haproxy:3.1:dev1:*:*:*:*:*:*
cpe:2.3:a:haproxy:haproxy:3.1:dev2:*:*:*:*:*:*
cpe:2.3:a:haproxy:haproxy:3.1:dev3:*:*:*:*:*:*
cpe:2.3:a:haproxy:haproxy:3.1:dev4:*:*:*:*:*:*
cpe:2.3:a:haproxy:haproxy:3.1:dev5:*:*:*:*:*:*

History

14 Oct 2024, 03:15

Type | Values Removed | Values Added
Summary | (en) HAProxy 2.9.x before 2.9.10, 3.0.x before 3.0.4, and 3.1.x through 3.1-dev6 allows a remote denial of service. | (en) HAProxy 2.9.x before 2.9.10, 3.0.x before 3.0.4, and 3.1.x through 3.1-dev6 allows a remote denial of service for HTTP/2 zero-copy forwarding (h2_send loop) under a certain set of conditions, as exploited in the wild in 2024.

05 Sep 2024, 14:39

Type | Values Removed | Values Added
References | () http://git.haproxy.org/?p=haproxy-3.0.git%3Ba=commitdiff%3Bh=c725db17e8416ffb3c1537aea756356228ce5e3c - | () http://git.haproxy.org/?p=haproxy-3.0.git%3Ba=commitdiff%3Bh=c725db17e8416ffb3c1537aea756356228ce5e3c - Broken Link
References | () http://git.haproxy.org/?p=haproxy-3.0.git%3Ba=commitdiff%3Bh=d636e515453320c6e122c313c661a8ac7d387c7f - | () http://git.haproxy.org/?p=haproxy-3.0.git%3Ba=commitdiff%3Bh=d636e515453320c6e122c313c661a8ac7d387c7f - Broken Link
References | () https://www.haproxy.org/ - | () https://www.haproxy.org/ - Product
References | () https://www.haproxy.org/download/3.1/src/CHANGELOG - | () https://www.haproxy.org/download/3.1/src/CHANGELOG - Release Notes
References | () https://www.mail-archive.com/haproxy%40formilux.org/msg45280.html - | () https://www.mail-archive.com/haproxy%40formilux.org/msg45280.html - Release Notes
References | () https://www.mail-archive.com/haproxy%40formilux.org/msg45281.html - | () https://www.mail-archive.com/haproxy%40formilux.org/msg45281.html - Release Notes
CWE | | NVD-CWE-noinfo
Summary | | (es) HAProxy 2.9.x antes de 2.9.10, 3.0.x antes de 3.0.4 y 3.1.x hasta 3.1-dev6 permiten una denegación de servicio remota.
CPE | | cpe:2.3:a:haproxy:haproxy:*:*:*:*:*:*:*:*
 | | cpe:2.3:a:haproxy:haproxy:3.1:dev1:*:*:*:*:*:*
 | | cpe:2.3:a:haproxy:haproxy:3.1:dev4:*:*:*:*:*:*
 | | cpe:2.3:a:haproxy:haproxy:3.1:dev2:*:*:*:*:*:*
 | | cpe:2.3:a:haproxy:haproxy:3.1:dev0:*:*:*:*:*:*
 | | cpe:2.3:a:haproxy:haproxy:3.1:dev3:*:*:*:*:*:*
 | | cpe:2.3:a:haproxy:haproxy:3.1:dev5:*:*:*:*:*:*
First Time | | Haproxy
 | | Haproxy haproxy

04 Sep 2024, 16:35

Type | Values Removed | Values Added
CVSS | v2 : unknown; v3 : unknown | v2 : unknown; v3 : 7.5

04 Sep 2024, 15:15

Type | Values Removed | Values Added
New CVE | |

Information

Published : 2024-09-04 15:15

Updated : 2024-10-14 03:15


NVD link : CVE-2024-45506

Mitre link : CVE-2024-45506

CVE.ORG link : CVE-2024-45506



Products Affected

haproxy

  • haproxy