CVE-2021-40346

An integer overflow exists in HAProxy 2.0 through 2.5 in htx_add_header that can be exploited to perform an HTTP request smuggling attack, allowing an attacker to bypass all configured http-request HAProxy ACLs and possibly other ACLs.

Configurations

Configuration 1

OR cpe:2.3:a:haproxy:haproxy:*:*:*:*:*:*:*:*
cpe:2.3:a:haproxy:haproxy:*:*:*:*:*:*:*:*
cpe:2.3:a:haproxy:haproxy:*:*:*:*:*:*:*:*
cpe:2.3:a:haproxy:haproxy:*:*:*:*:*:*:*:*
cpe:2.3:a:haproxy:haproxy:2.5:dev0:*:*:*:*:*:*
cpe:2.3:a:haproxy:haproxy:2.5:dev1:*:*:*:*:*:*
cpe:2.3:a:haproxy:haproxy:2.5:dev2:*:*:*:*:*:*
cpe:2.3:a:haproxy:haproxy:2.5:dev3:*:*:*:*:*:*
cpe:2.3:a:haproxy:haproxy:2.5:dev4:*:*:*:*:*:*
cpe:2.3:a:haproxy:haproxy:2.5:dev5:*:*:*:*:*:*
cpe:2.3:a:haproxy:haproxy:2.5:dev6:*:*:*:*:*:*

Configuration 2

cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*

Information

Published : 2021-09-08 10:15

Updated : 2021-09-17 15:15


NVD link : CVE-2021-40346

Mitre link : CVE-2021-40346



CWE
CWE-190

Integer Overflow or Wraparound

Products Affected

haproxy

  • haproxy

debian

  • debian_linux