CVE-2024-45506
Published 2024-09-04


Priority: P2 73, high (CVSS 3.1 base score 7.5)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
In the wild: VulnCheck KEV (exploited in the wild)
EPSS: 1.20% (64.4th percentile)
HAProxy 2.9.x before 2.9.10, 3.0.x before 3.0.4, and 3.1.x through 3.1-dev6 allows a remote denial of service for HTTP/2 zero-copy forwarding (h2_send loop) under a certain set of conditions, as exploited in the wild in 2024.

Affected (10 ranges)

Vendor   Product                                    Version range                Fixed in
debian   haproxy                                    < haproxy 2.9.10-1 (forky)   haproxy 2.9.10-1 (forky)
haproxy  haproxy
haproxy  haproxy                                    >= 0 < 2.9.10-1              2.9.10-1
haproxy  haproxy                                    >= 0 < 2.9.10-1              2.9.10-1
haproxy  haproxy                                    >= 2.9.0 < 2.9.10            2.9.10
haproxy  haproxy                                    >= 3.0.0 < 3.0.4             3.0.4
msrc     azl3_haproxy_2.9.1-2_on_azure_linux_3.0
msrc     azl3_haproxy_2.9.11-1_on_azure_linux_3.0
msrc     azure_linux_3.0_arm
msrc     azure_linux_3.0_x64

Detection & IOCs (extracted from sources)

  • Target HAProxy HTTP/2 zero-copy forwarding (h2_send loop) — monitor for HAProxy processes entering a hung/infinite-loop state consuming 100% CPU with no progress on HTTP/2 connections, indicative of the h2_send DoS condition
  • Vulnerability is only triggerable when zero-copy forwarding of data is enabled in HAProxy; audit configurations for absence of 'tune.h2.zero-copy-fwd-send off' in the global section as an indicator of exposure
  • Affected versions are HAProxy 2.9.x before 2.9.10, 3.0.x before 3.0.4, and 3.1.x through 3.1-dev6; inventory and alert on these version strings in asset management or banner-grabbing outputs
  • HAProxy as shipped in Red Hat Enterprise Linux 7, 8, 9, Red Hat Ceph Storage 5, and Red Hat OpenShift Container Platform 3.11 and 4 is NOT affected — these products do not ship a vulnerable version.
  • Severity was elevated to Important (from Moderate) due to confirmed in-the-wild exploitation in at least one case reported by the upstream HAProxy project.
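As an added example (not code from the page or from the HAProxy project), the two exposure checks above expressed as a small Python audit: a version string is tested against the advisory's affected ranges, and an haproxy.cfg is parsed for the 'tune.h2.zero-copy-fwd-send off' workaround in the global section. The set of section keywords and the two sample configs are assumptions constructed for the demonstration.

```python
import re
# Keywords that open a new section in haproxy.cfg (a common subset; assumption).
_SECTIONS = {"global", "defaults", "frontend", "backend", "listen", "peers",
             "resolvers", "userlist", "cache", "program", "ring", "mailers"}
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?(?:-dev(\d+))?")


def is_affected_version(version: str) -> bool:
    """Affected per the advisory: 2.9.x < 2.9.10, 3.0.x < 3.0.4, 3.1 through 3.1-dev6."""
    m = _VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised HAProxy version: {version!r}")
    major, minor, patch = int(m.group(1)), int(m.group(2)), int(m.group(3) or 0)
    dev = int(m.group(4)) if m.group(4) else None
    if (major, minor) == (2, 9):
        return patch < 10
    if (major, minor) == (3, 0):
        return patch < 4
    if (major, minor) == (3, 1):  # only the development snapshots up to -dev6 are listed
        return dev is not None and dev <= 6
    return False

def zero_copy_fwd_send_disabled(cfg_text: str) -> bool:
    """True only if the global section explicitly sets 'tune.h2.zero-copy-fwd-send off'."""
    section = None
    for raw in cfg_text.splitlines():
        tokens = raw.split("#", 1)[0].split()  # strip comments, tokenize
        if not tokens:
            continue
        if tokens[0] in _SECTIONS:
            section = tokens[0]
        elif section == "global" and tokens[0] == "tune.h2.zero-copy-fwd-send":
            return len(tokens) > 1 and tokens[1].lower() == "off"
    return False  # directive absent: zero-copy forwarding stays enabled (the exposed state)

def assess_exposure(version: str, cfg_text: str) -> str:
    """Combine the version check with the config audit into a single verdict."""
    if not is_affected_version(version):
        return "not affected"
    if zero_copy_fwd_send_disabled(cfg_text):
        return "affected version, mitigated by tune.h2.zero-copy-fwd-send off"
    return "exposed: upgrade, or set 'tune.h2.zero-copy-fwd-send off' in global"

# Constructed sample configs for the demonstration (not taken from the page).
CFG_DEFAULT = "global\n    log stdout format raw local0\n\nfrontend fe\n    bind :8080\n"
CFG_MITIGATED = "global\n    tune.h2.zero-copy-fwd-send off  # CVE-2024-45506 workaround\n"

if __name__ == "__main__":
    for ver, cfg in (("2.9.9", CFG_DEFAULT), ("3.0.3", CFG_MITIGATED), ("3.1-dev7", CFG_DEFAULT)):
        print(f"{ver:>8}: {assess_exposure(ver, cfg)}")
```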

CVSS provenance

Source         Version  Score  Severity  Vector
nvd            v3.1     7.5    HIGH      CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
osv                     7.5    HIGH
vulncheck               7.5    HIGH
vendor_debian           7.5    LOW
vendor_msrc             7.5    HIGH
vendor_redhat           7.5    HIGH