216.73.217.176

CVE-2024-45506

· Published 04/09/2024 15:15 · Modified 14/10/2024 03:15

Labels: CVE-2024-45506 2024-09-04CVE-2024-45506NVD-CWE-noinfo[email protected]

Essential information

Published
04/09/2024 15:15
Modified
14/10/2024 03:15
Author
Creator
CVSS
7.5 HIGH (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVSS metrics

Description

HAProxy 2.9.x before 2.9.10, 3.0.x before 3.0.4, and 3.1.x through 3.1-dev6 allows a remote denial of service for HTTP/2 zero-copy forwarding (h2_send loop) under a certain set of conditions, as exploited in the wild in 2024.

NVD status

Status
Modified — CVE has been amended by a source (CVE Primary CNA or another CNA). Analysis data supplied by the NVD may be no longer be accurate due to these changes.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
haproxy / haproxy cpe:2.3:a:haproxy:haproxy:*:*:*:*:*:*:*:*
haproxy / haproxy cpe:2.3:a:haproxy:haproxy:*:*:*:*:*:*:*:*
haproxy / haproxy cpe:2.3:a:haproxy:haproxy:3.1:dev0:*:*:*:*:*:*
haproxy / haproxy cpe:2.3:a:haproxy:haproxy:3.1:dev1:*:*:*:*:*:*
haproxy / haproxy cpe:2.3:a:haproxy:haproxy:3.1:dev2:*:*:*:*:*:*
haproxy / haproxy cpe:2.3:a:haproxy:haproxy:3.1:dev3:*:*:*:*:*:*
haproxy / haproxy cpe:2.3:a:haproxy:haproxy:3.1:dev4:*:*:*:*:*:*
haproxy / haproxy cpe:2.3:a:haproxy:haproxy:3.1:dev5:*:*:*:*:*:*

References