CVE-2021-40346

Description

An integer overflow exists in HAProxy 2.0 through 2.5 in htx_add_header that can be exploited to perform an HTTP request smuggling attack, allowing an attacker to bypass all configured http-request HAProxy ACLs and possibly other ACLs.

Related CPE's

a haproxy haproxy ********

a haproxy haproxy 2.5 dev0 ******

a haproxy haproxy 2.5 dev1 ******

a haproxy haproxy 2.5 dev2 ******

a haproxy haproxy 2.5 dev3 ******

a haproxy haproxy 2.5 dev4 ******

a haproxy haproxy 2.5 dev5 ******

References

https://git.haproxy.org/?p=haproxy.git

PatchVendor Advisory

DSA-4968

Third Party Advisory

https://www.mail-archive.com/[email protected]

Third Party Advisory

https://www.mail-archive.com/[email protected]/msg41114.html

MitigationThird Party Advisory

https://jfrog.com/blog/critical-vulnerability-in-haproxy-cve-2021-40346-integer-overflow-enables-http-smuggling/

ExploitMitigationThird Party Advisory

https://github.com/haproxy/haproxy/commit/3b69886f7dcc3cfb3d166309018e6cfec9ce2c95

PatchThird Party Advisory

[cloudstack-dev] 20210910 CVE-2021-40346 (haproxy 2.x)

Mailing ListThird Party Advisory

[cloudstack-dev] 20210910 Re: CVE-2021-40346 (haproxy 2.x)

Mailing ListThird Party Advisory

FEDORA-2021-3493f9f6ab

FEDORA-2021-cd5ee418f6

CvssV3 impact

BaseSeverity	HIGH
ConfidentialityImpact	NONE
AttackComplexity	LOW
Scope	UNCHANGED
AttackVector	NETWORK
AvailabilityImpact	NONE
IntegrityImpact	HIGH
PrivilegesRequired	NONE
BaseScore	7.5
VectorString	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Version	3.1
UserInteraction	NONE

CvssV2 impact

AccessComplexity	LOW
ConfidentialityImpact	NONE
AvailabilityImpact	NONE
IntegrityImpact	PARTIAL
BaseScore	5
VectorString	AV:N/AC:L/Au:N/C:N/I:P/A:N
Version	2.0
AccessVector	NETWORK
Authentication	NONE

Created by Yello

About Severity.io