Medium severity 5.3 · OSV Advisory · Published Oct 14, 2024 · Updated Apr 15, 2026
CVE-2024-49214
Description
QUIC in HAProxy 3.1.x before 3.1-dev7, 3.0.x before 3.0.5, and 2.9.x before 2.9.11 allows opening a 0-RTT session with a spoofed IP address. This can bypass the IP allow/block list functionality.
Affected products (8)
- osv-coords, 6 versions (< 3.0.5-r0 + 5 more):
  - pkg:apk/chainguard/haproxy-3.0
  - pkg:apk/wolfi/haproxy-3.0
  - pkg:bitnami/haproxy
  - pkg:deb/ubuntu/haproxy?arch=src?distro=noble
  - pkg:deb/ubuntu/haproxy?arch=src?distro=oracular
  - pkg:rpm/opensuse/haproxy&distro=openSUSE%20Tumbleweed
- (no CPE) range: < 3.0.5-r0
- (no CPE) range: < 3.0.5-r0
- (no CPE) range: < 2.9.11
- (no CPE) range: >= 0
- (no CPE) range: >= 0
- (no CPE) range: < 3.0.5+git0.8e879a52e-2.1
References (7)
- github.com/haproxy/haproxy/commit/f627b9272bd8ffca6f2f898bfafc6bf0b84b7d46 (nvd)
- www.haproxy.org/download/2.9/src/CHANGELOG (nvd)
- www.haproxy.org/download/3.0/src/CHANGELOG (nvd)
- www.haproxy.org/download/3.1/src/CHANGELOG (nvd)
- www.mail-archive.com/haproxy%40formilux.org/msg45291.html (nvd)
- www.mail-archive.com/haproxy%40formilux.org/msg45314.html (nvd)
- www.mail-archive.com/haproxy%40formilux.org/msg45315.html (nvd)