CVE-2024-49214: Medium severity aprox aproxengine vulnerability
Published Oct 14, 2024
QUIC in HAProxy 3.1.x before 3.1-dev7, 3.0.x before 3.0.5, and 2.9.x before 2.9.11 allows opening a 0-RTT session with a spoofed IP address. This can bypass the IP allow/block list functionality.
Affected Software
4 affected components · Fixes available
HAProxy HAProxy < 3.1-dev7
HAProxy HAProxy < 3.0.5
HAProxy HAProxy < 2.9.11
Microsoft cbl2 haproxy 2.4.24-1
Event History
Oct 14, 2024
CVE Published (via MITRE, 12:00 AM)
Data Sourced (via MITRE, 12:00 AM): Description, Severity
Data Sourced (via NVD, 04:15 AM): Description, Severity, Weakness
Oct 1, 2025
Data Sourced (via Microsoft, 11:11 PM): Description, Severity, Weakness
Data Sourced (via Microsoft, 11:11 PM): Affected Software
Updated (via Microsoft, 11:11 PM): Description, Severity
Frequently Asked Questions
1. What is the severity of CVE-2024-49214?
CVE-2024-49214 is rated Medium severity. Its significance comes from its potential to bypass IP allow/block list functionality.
2. How do I fix CVE-2024-49214?
To fix CVE-2024-49214, upgrade HAProxy to version 3.1-dev7 or later, 3.0.5 or later, or 2.9.11 or later.
3. What versions of HAProxy are affected by CVE-2024-49214?
CVE-2024-49214 affects HAProxy 3.1.x before 3.1-dev7, 3.0.x before 3.0.5, and 2.9.x before 2.9.11.
4. What type of attack does CVE-2024-49214 allow?
CVE-2024-49214 allows an attacker to open a QUIC 0-RTT session with a spoofed IP address.
5. Can CVE-2024-49214 impact network security?
Yes, CVE-2024-49214 can significantly impact network security by allowing unauthorized access to services that rely on IP filtering.