CVE-2021-40346

high-risk

Published 2021-09-08

An integer overflow exists in HAProxy 2.0 through 2.5 in htx_add_header that can be exploited to perform an HTTP request smuggling attack, allowing an attacker to bypass all configured http-request HAProxy ACLs and possibly other ACLs.

Do I need to act?

92.4% chance of exploitation in next 30 days

EPSS score — higher than 8% of all CVEs

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 7.5/10 High

NETWORK / LOW complexity

Affected Products (11)

Haproxy

Debian Linux

Fedora

Affected Vendors

Debian Fedoraproject Haproxy

References (20)

Patch https://git.haproxy.org/?p=haproxy.git

Patch https://github.com/haproxy/haproxy/commit/3b69886f7dcc3cfb3d166309018e6cfec9ce2c...

Exploit https://jfrog.com/blog/critical-vulnerability-in-haproxy-cve-2021-40346-integer-...

https://lists.apache.org/thread.html/r284567dd7523f5823e2ce995f787ccd37b1cc41087...

https://lists.apache.org/thread.html/r8a58fd7a29808e5d27ee56877745e58dc4bb041b9a...

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro...

Third Party Advisory https://www.debian.org/security/2021/dsa-4968

https://www.mail-archive.com/haproxy%40formilux.org

https://www.mail-archive.com/haproxy%40formilux.org/msg41114.html