CVE-2022-0711

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2022-0711

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-0711.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2022-0711

Aliases

BIT-haproxy-2022-0711

Related

Published

2022-03-02T22:15:08Z

Modified

2024-12-03T00:57:02.112883Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

A flaw was found in the way HAProxy processed HTTP responses containing the "Set-Cookie2" header. This flaw could allow an attacker to send crafted HTTP response packets which lead to an infinite loop, eventually resulting in a denial of service condition. The highest threat from this vulnerability is availability.

References

Affected packages

Alpine:v3.12 / haproxy

Package

Name: haproxy
Purl: pkg:apk/alpine/haproxy?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.2.21-r0

Affected versions

1.*

1.3.17-r0

1.3.20-r0

1.3.20-r1

1.3.20-r2

1.4.10-r1

1.4.11-r0

1.4.15-r0

1.4.18-r0

1.4.18-r1

1.4.18-r2

1.4.18-r3

1.4.18-r4

1.4.22-r0

1.4.22-r1

1.4.22-r2

1.4.22-r3

1.4.23-r0

1.4.24-r0

1.4.24-r1

1.4.24-r2

1.4.24-r3

1.4.25-r0

1.5.11-r0

1.5.11-r1

1.5.12-r0

1.5.14-r0

1.6.4-r1

1.6.5-r0

1.6.6-r0

1.6.6-r1

1.6.7-r0

1.6.9-r0

1.6.9-r1

1.7.1-r0

1.7.2-r0

1.7.3-r0

1.7.4-r0

1.7.5-r0

1.7.5-r1

1.7.7-r0

1.7.8-r0

1.7.9-r0

1.7.9-r1

1.7.9-r2

1.8.5-r0

1.8.12-r0

1.8.12-r1

1.9.5-r0

1.9.6-r0

1.9.7-r0

2.*

2.0.0-r0

2.0.1-r0

2.0.3-r0

2.0.4-r0

2.0.5-r0

2.0.6-r0

2.0.7-r0

2.0.8-r0

2.0.9-r0

2.0.11-r0

2.0.12-r0

2.1.0-r0

2.1.1-r0

2.1.2-r0

2.1.3-r0

2.1.4-r0

2.1.8-r0

2.1.9-r0

2.1.10-r0

2.1.11-r0

2.1.12-r0

2.2.16-r0

2.2.16-r1

2.2.17-r1

2.2.20-r0

Alpine:v3.13 / haproxy

Package

Name: haproxy
Purl: pkg:apk/alpine/haproxy?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.2.21-r0

Affected versions

1.*

1.3.17-r0

1.3.20-r0

1.3.20-r1

1.3.20-r2

1.4.10-r1

1.4.11-r0

1.4.15-r0

1.4.18-r0

1.4.18-r1

1.4.18-r2

1.4.18-r3

1.4.18-r4

1.4.22-r0

1.4.22-r1

1.4.22-r2

1.4.22-r3

1.4.23-r0

1.4.24-r0

1.4.24-r1

1.4.24-r2

1.4.24-r3

1.4.25-r0

1.5.11-r0

1.5.11-r1

1.5.12-r0

1.5.14-r0

1.6.4-r1

1.6.5-r0

1.6.6-r0

1.6.6-r1

1.6.7-r0

1.6.9-r0

1.6.9-r1

1.7.1-r0

1.7.2-r0

1.7.3-r0

1.7.4-r0

1.7.5-r0

1.7.5-r1

1.7.7-r0

1.7.8-r0

1.7.9-r0

1.7.9-r1

1.7.9-r2

1.8.5-r0

1.8.12-r0

1.8.12-r1

1.9.5-r0

1.9.6-r0

1.9.7-r0

2.*

2.0.0-r0

2.0.1-r0

2.0.3-r0

2.0.4-r0

2.0.5-r0

2.0.6-r0

2.0.7-r0

2.0.8-r0

2.0.9-r0

2.0.11-r0

2.0.12-r0

2.1.0-r0

2.1.1-r0

2.1.2-r0

2.1.3-r0

2.1.4-r0

2.1.5-r0

2.1.6-r0

2.1.7-r0

2.2.0-r0

2.2.1-r0

2.2.2-r0

2.2.2-r1

2.2.3-r0

2.2.4-r0

2.2.4-r1

2.2.5-r0

2.2.6-r0

2.2.7-r0

2.2.9-r0

2.2.10-r0

2.2.11-r0

2.2.14-r0

2.2.15-r0

2.2.16-r0

2.2.16-r1

2.2.17-r0

2.2.20-r0

Debian:11 / haproxy

Package

Name: haproxy
Purl: pkg:deb/debian/haproxy?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.2.9-2+deb11u3

Affected versions

2.*

2.2.9-2

2.2.9-2+deb11u1~bpo10+1

2.2.9-2+deb11u1

2.2.9-2+deb11u2~bpo10+1

2.2.9-2+deb11u2

2.2.9-2+deb11u3~bpo10+1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / haproxy

Package

Name: haproxy
Purl: pkg:deb/debian/haproxy?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.4.13-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / haproxy

Package

Name: haproxy
Purl: pkg:deb/debian/haproxy?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.4.13-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / git.haproxy.org/haproxy-2.7.git

Affected ranges

Type: GIT
Repo: https://git.haproxy.org/haproxy-2.7.git
Events: Introduced

6cbbecf09734aeb5fa8bb88f36f06a6f6d35e813

Fixed

09cc669afb35fa362c9e42ab42c85f21cbdecd9d

Type: GIT
Repo: https://github.com/haproxy/haproxy
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

bfb15ab34ead85f64cd6da0e9fb418c9cd14cee8

Affected versions

v1.*

v1.0.0

v1.0.1

v1.0.2

v1.1.0

v1.1.1

v1.1.10

v1.1.11

v1.1.12

v1.1.13

v1.1.14

v1.1.15

v1.1.16

v1.1.17

v1.1.18

v1.1.19

v1.1.2

v1.1.20

v1.1.21

v1.1.22

v1.1.23

v1.1.24

v1.1.25

v1.1.26

v1.1.27

v1.1.3

v1.1.4

v1.1.5

v1.1.6

v1.1.7

v1.1.8

v1.1.9

v1.2.0

v1.2.1

v1.2.1-pre1

v1.2.1-pre2

v1.2.1-pre3

v1.2.10

v1.2.10.1

v1.2.11

v1.2.11.1

v1.2.12

v1.2.13

v1.2.13.1

v1.2.14

v1.2.2

v1.2.3

v1.2.4

v1.2.5

v1.2.5-pre1

v1.2.5-pre2

v1.2.5-pre3

v1.2.5-pre4

v1.2.5.1

v1.2.5.2

v1.2.6

v1.2.6-pre4

v1.2.6-pre5

v1.2.7

v1.2.7.1

v1.2.7rc

v1.2.8

v1.2.9

v1.3.0

v1.3.1

v1.3.10

v1.3.10.1

v1.3.10.2

v1.3.11

v1.3.11.1

v1.3.11.2

v1.3.11.3

v1.3.11.4

v1.3.12

v1.3.13

v1.3.14

v1.3.15

v1.3.16

v1.3.16-rc1

v1.3.16-rc2

v1.3.17

v1.3.18

v1.3.2

v1.3.3

v1.3.4

v1.3.5

v1.3.6

v1.3.6.1

v1.3.7

v1.3.8

v1.3.8.1

v1.3.8.2

v1.3.9

v1.4-dev0

v1.4-dev1

v1.4-dev2

v1.4-dev3

v1.4-dev4

v1.4-dev5

v1.4-dev6

v1.4-dev7

v1.4-dev8

v1.4-rc1

v1.4.0

v1.4.1

v1.4.2

v1.4.3

v1.4.4

v1.4.5

v1.4.6

v1.5-dev10

v1.5-dev12

v1.5-dev13

v1.5-dev14

v1.5-dev15

v1.5-dev16

v1.5-dev17

v1.5-dev18

v1.5-dev19

v1.5-dev20

v1.5-dev21

v1.5-dev22

v1.5-dev23

v1.5-dev24

v1.5-dev25

v1.5-dev26

v1.5-dev8

v1.5-dev9

v1.5.0

v1.6-dev0

v1.6-dev1

v1.6-dev2

v1.6-dev3

v1.6-dev4

v1.6-dev5

v1.6-dev6

v1.6-dev7

v1.6.0

v1.7-dev0

v1.7-dev1

v1.7-dev2

v1.7-dev3

v1.7-dev4

v1.7-dev5

v1.7-dev6

v1.7.0

v1.8-dev0

v1.8-dev1

v1.8-dev2

v1.8-dev3

v1.8-rc1

v1.8-rc2

v1.8-rc3

v1.8-rc4

v1.8.0

v1.9-dev0

v1.9-dev1

v1.9-dev10

v1.9-dev11

v1.9-dev2

v1.9-dev3

v1.9-dev4

v1.9-dev5

v1.9-dev6

v1.9-dev7

v1.9-dev8

v1.9-dev9

v1.9.0

v2.*

v2.0-dev0

v2.0-dev1

v2.0-dev2

v2.0-dev3

v2.0-dev4

v2.0-dev5

v2.0-dev6

v2.0-dev7

v2.0.0

v2.1-dev0

v2.1-dev1

v2.1-dev2

v2.1-dev3

v2.1-dev4

v2.1-dev5

v2.1.0

v2.2-dev0

v2.2-dev1

v2.2-dev10

v2.2-dev11

v2.2-dev12

v2.2-dev2

v2.2-dev3

v2.2-dev4

v2.2-dev5

v2.2-dev6

v2.2-dev7

v2.2-dev8

v2.2-dev9

v2.2.0

v2.3-dev0

v2.3-dev1

v2.3-dev2

v2.3-dev3

v2.3-dev4

v2.3-dev5

v2.3-dev6

v2.3-dev7

v2.3-dev8

v2.3-dev9

v2.3.0

v2.4-dev0

v2.4-dev1

v2.4-dev10

v2.4-dev11

v2.4-dev12

v2.4-dev13

v2.4-dev14

v2.4-dev15

v2.4-dev16

v2.4-dev17

v2.4-dev18

v2.4-dev19

v2.4-dev2

v2.4-dev3

v2.4-dev4

v2.4-dev5

v2.4-dev6

v2.4-dev7

v2.4-dev8

v2.4-dev9

v2.4.0

v2.5-dev0

v2.5-dev1

v2.5-dev10

v2.5-dev11

v2.5-dev12

v2.5-dev13

v2.5-dev14

v2.5-dev15

v2.5-dev2

v2.5-dev3

v2.5-dev4

v2.5-dev5

v2.5-dev6

v2.5-dev7

v2.5-dev8

v2.5-dev9

v2.5.0

v2.6-dev0

v2.6-dev1