CVE-2019-14241Infinite Loop in Haproxy

CWE-835Infinite LoopCWE-400Uncontrolled Resource Consumption6 documents5 sources
Severity
7.5HIGHNVD
EPSS
37.0%
top 2.83%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
HaproxyDebian Haproxy
Timeline
PublishedJul 23
Latest updateMay 24

Description

HAProxy through 2.0.2 allows attackers to cause a denial of service (ha_panic) via vectors related to htx_manage_client_side_cookies in proto_htx.c.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

NVDhaproxy/haproxy1.41.9.8+1

🔴Vulnerability Details

1
GHSA
GHSA-rwrj-rg8q-w32h: HAProxy through 22022-05-24

📋Vendor Advisories

2
Red Hat
haproxy: DoS via vectors realted to htx_manage_client_side_cookies in proto_htx.c2019-07-22
Debian
CVE-2019-14241: haproxy - HAProxy through 2.0.2 allows attackers to cause a denial of service (ha_panic) v...2019

💬Community

2
Bugzilla
CVE-2019-14241 haproxy: DoS via vectors realted to htx_manage_client_side_cookies in proto_htx.c [fedora-all]2019-07-26
Bugzilla
CVE-2019-14241 haproxy: DoS via vectors realted to htx_manage_client_side_cookies in proto_htx.c2019-07-26
CVE-2019-14241 — Infinite Loop in Haproxy | cvebase