CVE-2024-45506
First published: Wed Sep 04 2024(Updated: )
HAProxy 2.9.x before 2.9.10, 3.0.x before 3.0.4, and 3.1.x through 3.1-dev6 allows a remote denial of service for HTTP/2 zero-copy forwarding (h2_send loop) under a certain set of conditions, as exploited in the wild in 2024.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Haproxy Haproxy | >=2.9.0<2.9.10 | |
| Haproxy Haproxy | >=3.0.0<3.0.4 | |
| Haproxy Haproxy | =3.1-dev0 | |
| Haproxy Haproxy | =3.1-dev1 | |
| Haproxy Haproxy | =3.1-dev2 | |
| Haproxy Haproxy | =3.1-dev3 | |
| Haproxy Haproxy | =3.1-dev4 | |
| Haproxy Haproxy | =3.1-dev5 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://www.haproxy.org/
- https://www.haproxy.org/download/3.1/src/CHANGELOG
- https://www.mail-archive.com/haproxy%40formilux.org/msg45281.html
- https://www.mail-archive.com/haproxy%40formilux.org/msg45280.html
- http://git.haproxy.org/?p=haproxy-3.0.git%3Ba=commitdiff%3Bh=c725db17e8416ffb3c1537aea756356228ce5e3c
- http://git.haproxy.org/?p=haproxy-3.0.git%3Ba=commitdiff%3Bh=d636e515453320c6e122c313c661a8ac7d387c7f
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/type
- agent/description
- agent/first-publish-date
- agent/author
- agent/severity
- agent/event
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/last-modified-date
- agent/softwarecombine
- agent/tags
- vendor/haproxy
- canonical/haproxy haproxy
- version/haproxy haproxy/2.9.0
- version/haproxy haproxy/3.0.0
- version/haproxy haproxy/3.1-dev0
- version/haproxy haproxy/3.1-dev1
- version/haproxy haproxy/3.1-dev2
- version/haproxy haproxy/3.1-dev3
- version/haproxy haproxy/3.1-dev4
- version/haproxy haproxy/3.1-dev5