CVE-2024-45506

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-45506

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-45506.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-45506

Aliases

BIT-haproxy-2024-45506

Related

Published

2024-09-04T15:15:14Z

Modified

2025-07-08T05:01:05.384648Z

Downstream

openSUSE-SU-2024:14307-1

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

HAProxy 2.9.x before 2.9.10, 3.0.x before 3.0.4, and 3.1.x through 3.1-dev6 allows a remote denial of service for HTTP/2 zero-copy forwarding (h2_send loop) under a certain set of conditions, as exploited in the wild in 2024.

References

Affected packages

Debian:13 / haproxy

Package

Name: haproxy
Purl: pkg:deb/debian/haproxy?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.9.10-1

Affected versions

2.*

2.6.12-1

2.6.13-1

2.6.14-1

2.6.15-1

2.7.0-1

2.7.1-1

2.7.2-1

2.7.2-2

2.7.3-1

2.7.4-1

2.7.5-1

2.7.6-1

2.7.7-1

2.7.8-1

2.8.0-1

2.8.1-1

2.8.2-1

2.8.3-1

2.8.4-1

2.8.4-2

2.8.5-1

2.9.0-1

2.9.1-1

2.9.2-1

2.9.3-1

2.9.4-1

2.9.5-1

2.9.6-1

2.9.7-1

2.9.8-1

2.9.9-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / git.haproxy.org/haproxy.git

Affected ranges

Type: GIT
Repo: https://git.haproxy.org/haproxy.git
Events: Introduced

5590ada4731a1f75004675680b4bdca61fa4c507

Fixed

dec017575d3a18c92e0d112bc8b92e1c557a10b8

Type: GIT
Repo: https://github.com/haproxy/haproxy
Events: Introduced

fddb8c13b6811b3b34eba0ad58d1f5fd5a3c7f60

Fixed

db09cd6ad4655a72326e8a52a7c014781292986b

CVE-2024-45506

Affected packages

Debian:13 / haproxy

Package

Affected ranges

Affected versions

2.*

Ecosystem specific

Git / git.haproxy.org/haproxy.git

Affected ranges

Affected versions

v2.*

v3.*