CVE-2021-40346: Integer Overflow
First published: Wed Sep 08 2021(Updated: )
An integer overflow exists in HAProxy 2.0 through 2.5 in htx_add_header that can be exploited to perform an HTTP request smuggling attack, allowing an attacker to bypass all configured http-request HAProxy ACLs and possibly other ACLs.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| debian/haproxy | 1.8.19-1+deb10u3 1.8.19-1+deb10u4 2.2.9-2+deb11u5 2.6.12-1 2.6.15-1 | |
| Haproxy Haproxy | >=2.0.0<2.0.25 | |
| Haproxy Haproxy | >=2.2.0<2.2.17 | |
| Haproxy Haproxy | >=2.3.0<2.3.14 | |
| Haproxy Haproxy | >=2.4.0<2.4.4 | |
| Haproxy Haproxy | =2.5-dev0 | |
| Haproxy Haproxy | =2.5-dev1 | |
| Haproxy Haproxy | =2.5-dev2 | |
| Haproxy Haproxy | =2.5-dev3 | |
| Haproxy Haproxy | =2.5-dev4 | |
| Haproxy Haproxy | =2.5-dev5 | |
| Haproxy Haproxy | =2.5-dev6 | |
| Debian Debian Linux | =11.0 | |
| Fedoraproject Fedora | =33 | |
| Fedoraproject Fedora | =34 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://www.mail-archive.com/haproxy@formilux.org/msg41114.html
- https://git.haproxy.org/?p=haproxy.git;a=commit;h=3b69886f7dcc3cfb3d166309018e6cfec9ce2c95
- https://security-tracker.debian.org/tracker/CVE-2021-40346
- https://git.haproxy.org/?p=haproxy.git
- https://github.com/haproxy/haproxy/commit/3b69886f7dcc3cfb3d166309018e6cfec9ce2c95
- https://jfrog.com/blog/critical-vulnerability-in-haproxy-cve-2021-40346-integer-overflow-enables-http-smuggling/
- https://lists.apache.org/thread.html/r284567dd7523f5823e2ce995f787ccd37b1cc4108779c50a97c79120@%3Cdev.cloudstack.apache.org%3E
- https://lists.apache.org/thread.html/r8a58fd7a29808e5d27ee56877745e58dc4bb041b9af94601554e2a5a@%3Cdev.cloudstack.apache.org%3E
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A7V2IYO22LWVBGUNZWVKNTMDV4KINLFO/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MXTSBY2TEAXWZVFQM3CXHJFRONX7PEMN/
- https://www.debian.org/security/2021/dsa-4968
- https://www.mail-archive.com/haproxy@formilux.org
- https://www.mail-archive.com/haproxy%40formilux.org
- https://www.mail-archive.com/haproxy%40formilux.org/msg41114.html
- https://lists.apache.org/thread.html/r284567dd7523f5823e2ce995f787ccd37b1cc4108779c50a97c79120%40%3Cdev.cloudstack.apache.org%3E
- https://lists.apache.org/thread.html/r8a58fd7a29808e5d27ee56877745e58dc4bb041b9af94601554e2a5a%40%3Cdev.cloudstack.apache.org%3E
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A7V2IYO22LWVBGUNZWVKNTMDV4KINLFO/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MXTSBY2TEAXWZVFQM3CXHJFRONX7PEMN/
Frequently Asked Questions
What is the vulnerability ID for this HAProxy integer overflow vulnerability?
The vulnerability ID for this HAProxy integer overflow vulnerability is CVE-2021-40346.
What is the severity of CVE-2021-40346?
CVE-2021-40346 has a severity rating of 7.5 (high).
How does the integer overflow vulnerability in HAProxy 2.0 through 2.5 impact security?
The integer overflow vulnerability in HAProxy 2.0 through 2.5 can be exploited to perform an HTTP request smuggling attack, allowing an attacker to bypass all configured http-request HAProxy ACLs and possibly other ACLs.
Which versions of HAProxy are affected by CVE-2021-40346?
HAProxy versions 2.0 through 2.5 are affected by CVE-2021-40346.
How can I mitigate the CVE-2021-40346 vulnerability in HAProxy?
To mitigate the CVE-2021-40346 vulnerability in HAProxy, upgrade to the fixed versions, such as 1.8.19-1+deb10u3, 1.8.19-1+deb10u4, 2.2.9-2+deb11u5, 2.6.12-1, or 2.6.15-1 depending on your HAProxy version.
- collector/security-tracker-debian
- collector/nvd-index
- agent/severity
- agent/weakness
- agent/references
- agent/author
- agent/type
- agent/event
- agent/description
- agent/remedy
- agent/softwarecombine
- agent/first-publish-date
- agent/last-modified-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- package-manager/debian
- vendor/haproxy
- canonical/haproxy haproxy
- version/haproxy haproxy/2.0.0
- version/haproxy haproxy/2.2.0
- version/haproxy haproxy/2.3.0
- version/haproxy haproxy/2.4.0
- version/haproxy haproxy/2.5-dev0
- version/haproxy haproxy/2.5-dev1
- version/haproxy haproxy/2.5-dev2
- version/haproxy haproxy/2.5-dev3
- version/haproxy haproxy/2.5-dev4
- version/haproxy haproxy/2.5-dev5
- version/haproxy haproxy/2.5-dev6
- vendor/debian
- canonical/debian debian linux
- version/debian debian linux/11.0
- vendor/fedoraproject
- canonical/fedoraproject fedora
- version/fedoraproject fedora/33
- version/fedoraproject fedora/34