Unrated severity · NVD Advisory · Published Sep 8, 2021 · Updated Aug 4, 2024
CVE-2021-40346
Description
An integer overflow exists in HAProxy 2.0 through 2.5 in htx_add_header that can be exploited to perform an HTTP request smuggling attack, allowing an attacker to bypass all configured http-request HAProxy ACLs and possibly other ACLs.
Affected products (6)
- HAProxy/HAProxy (description)
- osv-coords (5 versions): >= 2.0.0, < 2.0.25 (+ 4 more)
  - pkg:bitnami/haproxy
  - pkg:rpm/suse/haproxy&distro=SUSE%20Linux%20Enterprise%20High%20Availability%20Extension%2015
  - pkg:rpm/suse/haproxy&distro=SUSE%20Linux%20Enterprise%20High%20Availability%20Extension%2015%20SP1
  - pkg:rpm/suse/haproxy&distro=SUSE%20Linux%20Enterprise%20High%20Availability%20Extension%2015%20SP2
  - pkg:rpm/suse/haproxy&distro=SUSE%20Linux%20Enterprise%20High%20Availability%20Extension%2015%20SP3
- (no CPE) range: >= 2.0.0, < 2.0.25
- (no CPE) range: < 2.0.14-3.31.1
- (no CPE) range: < 2.0.14-8.23.1
- (no CPE) range: < 2.0.14-11.11.1
- (no CPE) range: < 2.0.14-11.11.1
Patches (0)
No patches discovered yet.
References (9)
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A7V2IYO22LWVBGUNZWVKNTMDV4KINLFO/ (mitre, vendor-advisory, x_refsource_FEDORA)
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MXTSBY2TEAXWZVFQM3CXHJFRONX7PEMN/ (mitre, vendor-advisory, x_refsource_FEDORA)
- www.debian.org/security/2021/dsa-4968 (mitre, vendor-advisory, x_refsource_DEBIAN)
- github.com/haproxy/haproxy/commit/3b69886f7dcc3cfb3d166309018e6cfec9ce2c95 (mitre, x_refsource_MISC)
- jfrog.com/blog/critical-vulnerability-in-haproxy-cve-2021-40346-integer-overflow-enables-http-smuggling/ (mitre, x_refsource_MISC)
- lists.apache.org/thread.html/r284567dd7523f5823e2ce995f787ccd37b1cc4108779c50a97c79120%40%3Cdev.cloudstack.apache.org%3E (mitre, mailing-list, x_refsource_MLIST)
- lists.apache.org/thread.html/r8a58fd7a29808e5d27ee56877745e58dc4bb041b9af94601554e2a5a%40%3Cdev.cloudstack.apache.org%3E (mitre, mailing-list, x_refsource_MLIST)
- www.mail-archive.com/haproxy%40formilux.org (mitre, x_refsource_MISC)
- www.mail-archive.com/haproxy%40formilux.org/msg41114.html (mitre, x_refsource_MISC)