Description
HAProxy 2.9.x before 2.9.10, 3.0.x before 3.0.4, and 3.1.x through 3.1-dev6 allows a remote denial of service for HTTP/2 zero-copy forwarding (h2_send loop) under a certain set of conditions, as exploited in the wild in 2024.
A flaw was found in HAProxy. An issue in the HTTP/2 multiplexer, combined with the zero-copy forwarding system, allows remote attackers, under very rare conditions, to trigger an endless loop and cause a denial of service.
Statement
The severity of this vulnerability has been raised to Important due to preliminary evidence from the upstream HAProxy project that it has been exploited in one case. Without this detail, the technical risk from this type of denial of service would have been rated Moderate. This issue can only be triggered when zero-copy forwarding of data is enabled. See the mitigation section for how this mechanism can be disabled. The HAProxy package as shipped in Red Hat Enterprise Linux 7, 8, and 9, in Red Hat Ceph Storage 5, and in Red Hat OpenShift Container Platform 3.11 and 4 is not affected by this vulnerability because these products do not ship a vulnerable version of HAProxy.
Mitigation
Disable the zero-copy forwarding system to mitigate this issue. Add the following configuration directive in the global section:
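The following Python script is an added example, not part of this advisory: it decides whether a reported HAProxy version falls inside the affected ranges stated above and whether a configuration file already carries the mitigating global directive. It assumes the directive meant above is `tune.disable-zero-copy-forwarding`, the global keyword documented in the HAProxy configuration manual for disabling zero-copy forwarding (the directive itself is not shown on this page); the sample configurations are constructed.

```python
import re

# Affected ranges as stated in the advisory: 2.9.x < 2.9.10, 3.0.x < 3.0.4, 3.1-dev1..3.1-dev6.
FIRST_FIXED = {(2, 9): 10, (3, 0): 4}
LAST_AFFECTED_DEV_31 = 6
# Global directive from the HAProxy configuration manual; assumed to be the one the
# mitigation section above refers to (the directive itself is not shown on the page).
MITIGATION_DIRECTIVE = "tune.disable-zero-copy-forwarding"
# Common HAProxy section keywords recognised by this check (not exhaustive).
SECTION_KEYWORDS = {"global", "defaults", "frontend", "backend", "listen", "peers",
                    "resolvers", "userlist", "mailers", "cache", "ring", "program"}
VERSION_RE = re.compile(r"(\d+)\.(\d+)(?:\.(\d+))?(?:-dev(\d+))?")

def is_affected_version(version: str) -> bool:
    """Accepts a bare version ('3.0.3', '3.1-dev6') or a full 'haproxy -v' line."""
    m = VERSION_RE.search(version)
    if not m:
        raise ValueError(f"no HAProxy version found in {version!r}")
    branch = (int(m.group(1)), int(m.group(2)))
    patch = int(m.group(3)) if m.group(3) else None
    dev = int(m.group(4)) if m.group(4) else None
    if branch in FIRST_FIXED:  # a 2.9/3.0 dev build (no patch number) predates the fix
        return patch is None or patch < FIRST_FIXED[branch]
    if branch == (3, 1):
        return dev is not None and dev <= LAST_AFFECTED_DEV_31
    return False

def mitigation_present(config_text: str) -> bool:
    """True if the global section carries the directive that disables zero-copy forwarding."""
    section = None
    for raw in config_text.splitlines():
        words = raw.split("#", 1)[0].split()  # strip comments; a quoted '#' is not handled
        if not words:
            continue
        if words[0] in SECTION_KEYWORDS:
            section = words[0]
        elif section == "global" and words[0] == MITIGATION_DIRECTIVE:
            return True
    return False

def assess(version: str, config_text: str) -> str:
    if not is_affected_version(version):
        return "not affected"
    if mitigation_present(config_text):
        return "affected version, mitigated (zero-copy forwarding disabled)"
    return "affected version, exposed: upgrade or add the global directive"

# Constructed sample configurations, not taken from any real deployment.
VULNERABLE_CFG = "global\n    log stdout format raw local0\n\ndefaults\n    mode http\n"
MITIGATED_CFG = VULNERABLE_CFG.replace("global\n", f"global\n    {MITIGATION_DIRECTIVE}\n")
```

Feed `assess()` the output of `haproxy -v` and the contents of the running configuration file; the mitigation only matters on an affected version, since the fixed releases no longer need the directive.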
Affected packages
Platform | Package | State | Advisory | Release
---|---|---|---|---
Red Hat Ceph Storage 5 | haproxy | Not affected | |
Red Hat Enterprise Linux 7 | haproxy | Not affected | |
Red Hat Enterprise Linux 8 | haproxy | Not affected | |
Red Hat Enterprise Linux 9 | haproxy | Not affected | |
Red Hat OpenShift Container Platform 3.11 | haproxy | Not affected | |
Red Hat OpenShift Container Platform 4 | haproxy | Not affected | |
Additional information
Status:
EPSS:
CVSS3: 7.5 High