CVE-2021-40346

CVE Database · CVE-2021-40346

CVE-2021-40346

· HIGHModified

CVSS v3.1

7.5

EPSS

56.08%

Published

Sep 8, 2021

Modified

Nov 21, 2024

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

An integer overflow exists in HAProxy 2.0 through 2.5 in htx_add_header that can be exploited to perform an HTTP request smuggling attack, allowing an attacker to bypass all configured http-request HAProxy ACLs and possibly other ACLs.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Weaknesses (CWE)

CWE-190

Affected Products (14)

haproxy · haproxy (up to 2.0.25)vulnerable

haproxy · haproxy (up to 2.2.17)vulnerable

haproxy · haproxy (up to 2.3.14)vulnerable

haproxy · haproxy (up to 2.4.4)vulnerable

haproxy · haproxyvulnerable

· haproxy

References (20)

https://git.haproxy.org/?p=haproxy.git

PatchVendor Advisory

https://github.com/haproxy/haproxy/commit/3b69886f7dcc3cfb3d166309018e6cfec9ce2c95

PatchThird Party Advisory

https://jfrog.com/blog/critical-vulnerability-in-haproxy-cve-2021-40346-integer-overflow-enables-http-smuggling/

ExploitMitigationThird Party Advisory

https://lists.apache.org/thread.html/r284567dd7523f5823e2ce995f787ccd37b1cc4108779c50a97c79120%40%3Cdev.cloudstack.apache.org%3E

https://lists.apache.org/thread.html/r8a58fd7a29808e5d27ee56877745e58dc4bb041b9af94601554e2a5a%40%3Cdev.cloudstack.apache.org%3E

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A7V2IYO22LWVBGUNZWVKNTMDV4KINLFO/

KEV Catalog EPSS Scores Vendors All CVEs