CVE-2024-49214
PUBLISHED
QUIC in HAProxy 3.1.x before 3.1-dev7, 3.0.x before 3.0.5, and 2.9.x before 2.9.11 allows opening a 0-RTT session with a spoofed IP address. This can bypass the IP allow/block list functionality.
EPSS 0.10% · 28.2th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Bitnami | haproxy | 3.0.0, 0 |
| Bitnami | haproxy | 0, 3.0.0 |
Timeline
- Oct 13, 2024 CVE Published
- Oct 14, 2024 EPSS Score
- Oct 14, 2024 Coalition ESS Score
- Oct 16, 2024 Coalition ESS Score
- Oct 16, 2024 CVE Updated
- Oct 29, 2024 Coalition ESS Score
- Nov 2, 2024 EPSS Score
- Nov 20, 2024 EPSS Score
- Dec 10, 2024 EPSS Score
- Dec 29, 2024 EPSS Score
- Jan 16, 2025 EPSS Score
- Feb 4, 2025 EPSS Score
References
- https://github.com/haproxy/haproxy/commit/f627b9272bd8ffca6f2f898bfafc6bf0b84b7d46
- https://www.haproxy.org/download/2.9/src/CHANGELOG
- https://www.haproxy.org/download/3.0/src/CHANGELOG
- https://www.haproxy.org/download/3.1/src/CHANGELOG
- https://www.mail-archive.com/haproxy%40formilux.org/msg45291.html
- https://www.mail-archive.com/haproxy%40formilux.org/msg45314.html
- https://www.mail-archive.com/haproxy%40formilux.org/msg45315.html
- https://nvd.nist.gov/vuln/detail/CVE-2024-49214