CVE-2021-40346

Published: Sep 8, 2021

Modified: Aug 4, 2024

PUBLISHED

Description

An integer overflow exists in HAProxy 2.0 through 2.5 in htx_add_header that can be exploited to perform an HTTP request smuggling attack, allowing an attacker to bypass all configured http-request HAProxy ACLs and possibly other ACLs.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://www.mail-archive.com/haproxy%40formilux.org

x_refsource_MISC

https://git.haproxy.org/?p=haproxy.git

x_refsource_MISC

DSA-4968

vendor-advisory

x_refsource_DEBIAN

https://www.mail-archive.com/haproxy%40formilux.org/msg41114.html

x_refsource_MISC

https://jfrog.com/blog/critical-vulnerability-in-haproxy-cve-2021-40346-integer-overflow-enables-http-smuggling/

x_refsource_MISC

https://github.com/haproxy/haproxy/commit/3b69886f7dcc3cfb3d166309018e6cfec9ce2c95

x_refsource_MISC

[cloudstack-dev] 20210910 CVE-2021-40346 (haproxy 2.x)

mailing-list

x_refsource_MLIST

[cloudstack-dev] 20210910 Re: CVE-2021-40346 (haproxy 2.x)

mailing-list

x_refsource_MLIST

FEDORA-2021-3493f9f6ab

vendor-advisory

x_refsource_FEDORA

FEDORA-2021-cd5ee418f6

vendor-advisory

x_refsource_FEDORA

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2021-40346

Description

Affected Products

References