Home > Vulnerability Database > CVE-2024-45506

Mend.io Vulnerability Database

CVE-2024-45506

Date: September 3, 2024

HAProxy 2.9.x before 2.9.10, 3.0.x before 3.0.4, and 3.1.x through 3.1-dev6 allows a remote denial of service for HTTP/2 zero-copy forwarding (h2_send loop) under a certain set of conditions, as exploited in the wild in 2024.

Language: C

Severity Score

7.5

Related Resources (9)

Url: https://www.haproxy.org/

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-45506

Url: https://www.mail-archive.com/haproxy%40formilux.org/msg45281.html

Url: http://git.haproxy.org/?p=haproxy-3.0.git%3Ba=commitdiff%3Bh=d636e515453320c6e122c313c661a8ac7d387c7f

Url: https://www.mail-archive.com/haproxy%40formilux.org/msg45280.html

Url: https://www.haproxy.org/download/3.1/src/CHANGELOG

Url: http://git.haproxy.org/?p=haproxy-3.0.git%3Ba=commitdiff%3Bh=c725db17e8416ffb3c1537aea756356228ce5e3c

Url: https://security-tracker.debian.org/tracker/CVE-2024-45506

Url: https://www.mend.io/vulnerability-database/CVE-2024-45506

Severity Score

7.5

Weakness Type (CWE)

Loop with Unreachable Exit Condition ('Infinite Loop')

CWE-835

CVSS v3.1

Base Score:	7.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2024-45506

Date: September 3, 2024

Language: C

Severity Score

Related Resources (9)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?