VDB
CVE-2024-45506
CVE-2024-45506
PUBLISHED
HAProxy 2.9.x before 2.9.10, 3.0.x before 3.0.4, and 3.1.x through 3.1-dev6 allows a remote denial of service for HTTP/2 zero-copy forwarding (h2_send loop) under a certain set of conditions, as exploited in the wild in 2024.
EPSS 1.49% · 81.4th percentile
Risk Scores
EPSS Score
1.49%
81.4th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Bitnami | haproxy | 3.0.0, 2.9.0 |
| Bitnami | haproxy | 2.9.0, 3.0.0 |
Timeline
- Sep 3, 2024 CVE Published
- Sep 5, 2024 EPSS Score
- Sep 6, 2024 EPSS Score
- Oct 4, 2024 Coalition ESS Score
- Oct 15, 2024 EPSS Score
- Oct 16, 2024 Coalition ESS Score
- Oct 22, 2024 CVE Updated
- Nov 4, 2024 EPSS Score
- Dec 15, 2024 EPSS Score
- Jan 4, 2025 EPSS Score
- Jan 24, 2025 EPSS Score
- Mar 5, 2025 EPSS Score
References
- http://git.haproxy.org/?p=haproxy-3.0.git%3Ba=commitdiff%3Bh=c725db17e8416ffb3c1537aea756356228ce5e3c url
- http://git.haproxy.org/?p=haproxy-3.0.git%3Ba=commitdiff%3Bh=d636e515453320c6e122c313c661a8ac7d387c7f url
- https://nvd.nist.gov/vuln/detail/CVE-2024-45506 url
- https://www.haproxy.org/ url
- https://www.haproxy.org/download/3.1/src/CHANGELOG url
- https://www.mail-archive.com/haproxy%40formilux.org/msg45280.html url
- https://www.mail-archive.com/haproxy%40formilux.org/msg45281.html url