CVE-2024-49214

Опубликовано: 14 окт. 2024

Источник: debian

EPSS Низкий

Описание

QUIC in HAProxy 3.1.x before 3.1-dev7, 3.0.x before 3.0.5, and 2.9.x before 2.9.11 allows opening a 0-RTT session with a spoofed IP address. This can bypass the IP allow/block list functionality.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
haproxy	fixed	2.9.11-1		package
haproxy	ignored		bookworm	package
haproxy	not-affected		bullseye	package

Примечания

https://github.com/haproxy/haproxy/commit/f627b9272bd8ffca6f2f898bfafc6bf0b84b7d46 (v3.1-dev7)
https://git.haproxy.org/?p=haproxy-2.9.git;a=commit;h=fe5685af820ae62fe5b0d80b5ed7a2ffc41a036f (v2.9.11)

EPSS

Процентиль: 34%

0.00137

Низкий

Связанные уязвимости

CVE-2024-49214

CVSS3: 5.3

ubuntu

около 1 года назад

QUIC in HAProxy 3.1.x before 3.1-dev7, 3.0.x before 3.0.5, and 2.9.x before 2.9.11 allows opening a 0-RTT session with a spoofed IP address. This can bypass the IP allow/block list functionality.

CVE-2024-49214

CVSS3: 5.3

redhat

больше 1 года назад

QUIC in HAProxy 3.1.x before 3.1-dev7, 3.0.x before 3.0.5, and 2.9.x before 2.9.11 allows opening a 0-RTT session with a spoofed IP address. This can bypass the IP allow/block list functionality.

CVE-2024-49214

CVSS3: 5.3

nvd

около 1 года назад

QUIC in HAProxy 3.1.x before 3.1-dev7, 3.0.x before 3.0.5, and 2.9.x before 2.9.11 allows opening a 0-RTT session with a spoofed IP address. This can bypass the IP allow/block list functionality.

CVE-2024-49214

CVSS3: 5.3

msrc

3 месяца назад

QUIC in HAProxy 3.1.x before 3.1-dev7, 3.0.x before 3.0.5, and 2.9.x before 2.9.11 allows opening a 0-RTT session with a spoofed IP address. This can bypass the IP allow/block list functionality.

GHSA-8jgf-8r3g-hxh8

CVSS3: 5.3

github

около 1 года назад

QUIC in HAProxy 3.1.x before 3.1-dev7, 3.0.x before 3.0.5, and 2.9.x before 2.9.11 allows opening a 0-RTT session with a spoofed IP address. This can bypass the IP allow/block list functionality.

EPSS

Процентиль: 34%

0.00137

Низкий