CVE-2024-45506
Published 2024-09-04. CVE-2024-45506: HAProxy 2.9.x before 2.9.10, 3.0.x before 3.0.4, and 3.1.x through 3.1-dev6 allows a remote denial of service for HTTP/2 zero-copy forwarding (h2_send loop)…
Priority: P2 · 73 · high · 7.5 (CVSS 3.1)
CVSS vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
ITW: VulnCheck KEV (exploited in the wild)
EPSS: 1.20% (64.4th percentile)
HAProxy 2.9.x before 2.9.10, 3.0.x before 3.0.4, and 3.1.x through 3.1-dev6 allows a remote denial of service for HTTP/2 zero-copy forwarding (h2_send loop) under a certain set of conditions, as exploited in the wild in 2024.
Affected (10 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | haproxy | < haproxy 2.9.10-1 (forky) | haproxy 2.9.10-1 (forky) |
| haproxy | haproxy | — | — |
| haproxy | haproxy | >= 0 < 2.9.10-1 | 2.9.10-1 |
| haproxy | haproxy | >= 0 < 2.9.10-1 | 2.9.10-1 |
| haproxy | haproxy | >= 2.9.0 < 2.9.10 | 2.9.10 |
| haproxy | haproxy | >= 3.0.0 < 3.0.4 | 3.0.4 |
| msrc | azl3_haproxy_2.9.1-2_on_azure_linux_3.0 | — | — |
| msrc | azl3_haproxy_2.9.11-1_on_azure_linux_3.0 | — | — |
| msrc | azure_linux_3.0_arm | — | — |
| msrc | azure_linux_3.0_x64 | — | — |
Detection & IOCs (extracted from sources)
- Target: HAProxy HTTP/2 zero-copy forwarding (h2_send loop). Monitor for HAProxy processes entering a hung/infinite-loop state consuming 100% CPU with no progress on HTTP/2 connections, indicative of the h2_send DoS condition.
- The vulnerability is only triggerable when zero-copy forwarding of data is enabled in HAProxy; audit configurations for the absence of 'tune.h2.zero-copy-fwd-send off' in the global section as an indicator of exposure.
- Affected versions are HAProxy 2.9.x before 2.9.10, 3.0.x before 3.0.4, and 3.1.x through 3.1-dev6; inventory and alert on these version strings in asset management or banner-grabbing outputs.
- HAProxy as shipped in Red Hat Enterprise Linux 7, 8, 9, Red Hat Ceph Storage 5, and Red Hat OpenShift Container Platform 3.11 and 4 is NOT affected; these products do not ship a vulnerable version.
- Severity was elevated to Important (from Moderate) due to confirmed in-the-wild exploitation in at least one case reported by the upstream HAProxy project.
CVSS provenance
| Source | Score | Severity | Vector |
|---|---|---|---|
| nvd (v3.1) | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| osv | 7.5 | HIGH | — |
| vulncheck | 7.5 | HIGH | — |
| vendor_debian | 7.5 | LOW | — |
| vendor_msrc | 7.5 | HIGH | — |
| vendor_redhat | 7.5 | HIGH | — |
Microsoft
vendor_msrc · 2024-09-10 · CVSS 7.5 · CVE-2024-45506 [HIGH]
HAProxy 2.9.x before 2.9.10, 3.0.x before 3.0.4, and 3.1.x through 3.1-dev6 allows a remote denial of service for HTTP/2 zero-copy forwarding (h2_send loop) under a certain set of conditions, as exploited in the wild in 2024.
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See this blog post for more information. If impact to additional products is identifi
Red Hat
vendor_redhat · 2024-09-04 · CVSS 7.5 · CVE-2024-45506 [HIGH] · CWE-835
haproxy: potential infinite loop condition in the h2_send() may trigger a DoS
HAProxy 2.9.x before 2.9.10, 3.0.x before 3.0.4, and 3.1.x through 3.1-dev6 allows a remote denial of service for HTTP/2 zero-copy forwarding (h2_send loop) under a certain set of conditions, as exploited in the wild in 2024.
A flaw was found in HAProxy. An issue in the HTTP/2 multiplexer, combined with the zero-copy forwarding system, allows remote attackers to trigger, under very rare conditions, an endless loop and cause a denial of service.
Statement: The severity of this vulnerability has been raised to Important due to preliminary evidence from the upstream HAProxy project that it has been exploited in one case. Without this detail, the technical risk from this type of denial of service would have been rated
Debian
vendor_debian · 2024 · CVSS 7.5 · CVE-2024-45506 [HIGH]
CVE-2024-45506: haproxy - HAProxy 2.9.x before 2.9.10, 3.0.x before 3.0.4, and 3.1.x through 3.1-dev6 allo...
HAProxy 2.9.x before 2.9.10, 3.0.x before 3.0.4, and 3.1.x through 3.1-dev6 allows a remote denial of service for HTTP/2 zero-copy forwarding (h2_send loop) under a certain set of conditions, as exploited in the wild in 2024.
Scope: local
bookworm: resolved
bullseye: resolved
forky: resolved (fixed in 2.9.10-1)
sid: resolved (fixed in 2.9.10-1)
trixie: resolved (fixed in 2.9.10-1)
GHSA
ghsa_unreviewed · 2024-09-04 · CVE-2024-45506 [HIGH] · CWE-835
GHSA-gmvf-rv8w-2hrh: HAProxy 2
HAProxy 2.9.x before 2.9.10, 3.0.x before 3.0.4, and 3.1.x through 3.1-dev6 allows a remote denial of service.
OSV
osv · 2024-09-04 · CVSS 7.5 · CVE-2024-45506 [HIGH]
CVE-2024-45506: HAProxy 2
HAProxy 2.9.x before 2.9.10, 3.0.x before 3.0.4, and 3.1.x through 3.1-dev6 allows a remote denial of service for HTTP/2 zero-copy forwarding (h2_send loop) under a certain set of conditions, as exploited in the wild in 2024.
VulnCheck
vulncheck · 2024 · CVSS 7.5 · CVE-2024-45506 [HIGH]
HAProxy Endless Loop HTTP/2 Vulnerability
HAProxy 2.9.x before 2.9.10, 3.0.x before 3.0.4, and 3.1.x through 3.1-dev6 allows a remote denial of service for HTTP/2 zero-copy forwarding (h2_send loop) under a certain set of conditions, as exploited in the wild in 2024.
Affected: haproxy haproxy
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://www.mail-archive.com/haproxy%40formilux.org/msg45280.html; https://www.cve.org/CVERecord?id=CVE-2024-45506
No detection rules found.
No public exploits indexed.
References:
- http://git.haproxy.org/?p=haproxy-3.0.git%3Ba=commitdiff%3Bh=c725db17e8416ffb3c1537aea756356228ce5e3c
- http://git.haproxy.org/?p=haproxy-3.0.git%3Ba=commitdiff%3Bh=d636e515453320c6e122c313c661a8ac7d387c7f
- https://www.haproxy.org/
- https://www.haproxy.org/download/3.1/src/CHANGELOG
- https://www.mail-archive.com/haproxy%40formilux.org/msg45280.html
- https://www.mail-archive.com/haproxy%40formilux.org/msg45281.html
Published: 2024-09-04 · Exploited in the wild