CVE-2021-40346

Source
https://cve.org/CVERecord?id=CVE-2021-40346
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-40346.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2021-40346
Published
2021-09-08T17:15:12.457Z
Modified
2026-02-10T04:33:41.494228Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Summary
[none]
Details

An integer overflow exists in HAProxy 2.0 through 2.5 in htx_add_header that can be exploited to perform an HTTP request smuggling attack, allowing an attacker to bypass all configured http-request HAProxy ACLs and possibly other ACLs.

Affected packages

Git
git.haproxy.org/haproxy-2.0.git

Affected ranges

Type
GIT
Repo
https://git.haproxy.org/haproxy-2.0.git
Events
Introduced
ba23630ad009464dc8e4d01dac9ce779eb84cc2a
Fixed
6986403b83388dff69b0d4cda2ab144b7b516936

Affected versions

v2.*
v2.0.0
v2.0.1
v2.0.10
v2.0.11
v2.0.12
v2.0.13
v2.0.14
v2.0.15
v2.0.16
v2.0.17
v2.0.18
v2.0.19
v2.0.2
v2.0.20
v2.0.21
v2.0.22
v2.0.23
v2.0.24
v2.0.3
v2.0.4
v2.0.5
v2.0.6
v2.0.7
v2.0.8
v2.0.9

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-40346.json"

git.haproxy.org/haproxy-2.2.git

Affected ranges

Type
GIT
Repo
https://git.haproxy.org/haproxy-2.2.git
Events
Introduced
3a00c915fd241fc398a080a11ccac9c5c46791ce
Fixed
dd94a25981b3e2a58e7c1b23b713267a7829a396

Affected versions

v2.*
v2.2.0
v2.2.1
v2.2.10
v2.2.11
v2.2.12
v2.2.13
v2.2.14
v2.2.15
v2.2.16
v2.2.2
v2.2.3
v2.2.4
v2.2.5
v2.2.6
v2.2.7
v2.2.8
v2.2.9

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-40346.json"

git.haproxy.org/haproxy-2.3.git

Affected ranges

Type
GIT
Repo
https://git.haproxy.org/haproxy-2.3.git
Events
Introduced
1c0a722a83e7c45456a2b82c15889ab9ab5c4948
Fixed
83c5b44d7395a7b4902d8be6c69844ad1841b0eb

Affected versions

v2.*
v2.3.0
v2.3.1
v2.3.10
v2.3.11
v2.3.12
v2.3.13
v2.3.2
v2.3.3
v2.3.4
v2.3.5
v2.3.6
v2.3.7
v2.3.8
v2.3.9

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-40346.json"

git.haproxy.org/haproxy-2.6.git

Affected ranges

Type
GIT
Repo
https://git.haproxy.org/haproxy-2.6.git
Events
Introduced
28626430d7c034bd5cd677940082ace9d0f24fc6
Fixed
623787327f79cb1adfcea0836792d6a839e89128

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-40346.json"

git.haproxy.org/haproxy.git

Affected ranges

Type
GIT
Repo
https://git.haproxy.org/haproxy.git
Events
Introduced
6cbbecf09734aeb5fa8bb88f36f06a6f6d35e813
Fixed
4d711760de1ca0a3734a0a813cb0012dc3d2628a

Affected versions

v2.*
v2.4.0

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-40346.json"