CVE-2024-45506: High severity haproxy vulnerability
Published Sep 4, 2024
·Updated
HAProxy 2.9.x before 2.9.10, 3.0.x before 3.0.4, and 3.1.x through 3.1-dev6 allows a remote denial of service for HTTP/2 zero-copy forwarding (h2send loop) under a certain set of conditions, as exploited in the wild in 2024.
Affected Software
8 affected components
HAProxy HAProxy>=2.9.0<2.9.10
HAProxy HAProxy>=3.0.0<3.0.4
HAProxy HAProxy=3.1-dev0
HAProxy HAProxy=3.1-dev1
HAProxy HAProxy=3.1-dev2
HAProxy HAProxy=3.1-dev3
HAProxy HAProxy=3.1-dev4
HAProxy HAProxy=3.1-dev5
Event History
Sep 4, 2024
CVE Published
via MITRE·12:00 AM
Data Sourced
via MITRE·12:00 AM
Description
Data Sourced
via NVD·03:15 PM
DescriptionSeverity
Frequently Asked Questions
1
What is the severity of CVE-2024-45506?
CVE-2024-45506 is classified as a remote denial of service vulnerability.
2
Which HAProxy versions are affected by CVE-2024-45506?
The affected HAProxy versions are 2.9.x before 2.9.10, 3.0.x before 3.0.4, and 3.1.x through 3.1-dev6.
3
How do I fix CVE-2024-45506?
To fix CVE-2024-45506, upgrade your HAProxy to version 2.9.10 or 3.0.4 and later.
4
What types of attacks does CVE-2024-45506 facilitate?
CVE-2024-45506 facilitates remote denial of service attacks against the HAProxy service.
5
Is exploit code available for CVE-2024-45506?
As of the latest information, there is no publicly available exploit code for CVE-2024-45506.