CVE-2021-40346

Published on: 09/08/2021 12:00:00 AM UTC

Last Modified on: 09/17/2021 10:15:00 PM UTC

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Certain versions of Debian Linux from Debian contain the following vulnerability:

An integer overflow exists in HAProxy 2.0 through 2.5 in htx_add_header that can be exploited to perform an HTTP request smuggling attack, allowing an attacker to bypass all configured http-request HAProxy ACLs and possibly other ACLs.

  • CVE-2021-40346 has been assigned by URL Logo [email protected] to track the vulnerability - currently rated as HIGH severity.

CVSS3 Score: 7.5 - HIGH

Attack
Vector
Attack
Complexity
Privileges
Required
User
Interaction
NETWORK LOW NONE NONE
Scope Confidentiality
Impact
Integrity
Impact
Availability
Impact
UNCHANGED NONE HIGH NONE

CVSS2 Score: 5 - MEDIUM

Access
Vector
Access
Complexity
Authentication
NETWORK LOW NONE
Confidentiality
Impact
Integrity
Impact
Availability
Impact
NONE PARTIAL NONE

CVE References

Description Tags Link
Pony Mail! lists.apache.org
text/html
URL Logo MLIST [cloudstack-dev] 20210910 Re: CVE-2021-40346 (haproxy 2.x)
BUG/MAJOR: htx: fix missing header name length check in htx_add_heade… · haproxy/[email protected] · GitHub github.com
text/html
URL Logo MISC github.com/haproxy/haproxy/commit/3b69886f7dcc3cfb3d166309018e6cfec9ce2c95
[ANNOUNCE] HTX vulnerability from 2.0 to 2.5-dev www.mail-archive.com
text/html
URL Logo MISC www.mail-archive.com/[email protected]/msg41114.html
Debian -- Security Information -- DSA-4968-1 haproxy www.debian.org
Depreciated Link
text/html
URL Logo DEBIAN DSA-4968
Pony Mail! lists.apache.org
text/html
URL Logo MLIST [cloudstack-dev] 20210910 CVE-2021-40346 (haproxy 2.x)
[SECURITY] Fedora 33 Update: haproxy-2.2.17-1.fc33 - package-announce - Fedora Mailing-Lists lists.fedoraproject.org
text/html
URL Logo FEDORA FEDORA-2021-cd5ee418f6
Repositories - haproxy.git/summary git.haproxy.org
text/xml
URL Logo MISC git.haproxy.org/?p=haproxy.git
Critical vulnerability in HAProxy | JFrog Security Research Team jfrog.com
text/html
URL Logo MISC jfrog.com/blog/critical-vulnerability-in-haproxy-cve-2021-40346-integer-overflow-enables-http-smuggling/
[SECURITY] Fedora 34 Update: haproxy-2.3.14-1.fc34 - package-announce - Fedora Mailing-Lists lists.fedoraproject.org
text/html
URL Logo FEDORA FEDORA-2021-3493f9f6ab
haproxy www.mail-archive.com
text/html
URL Logo MISC www.mail-archive.com/[email protected]

Related QID Numbers

  • 178790 Debian Security Update for haproxy (DSA 4968-1)
  • 198492 Ubuntu Security Notification for HAProxy Vulnerabilities (USN-5063-1)
  • 281907 Fedora Security Update for haproxy (FEDORA-2021-3493f9f6ab)
  • 281915 Fedora Security Update for haproxy (FEDORA-2021-cd5ee418f6)
  • 751109 OpenSUSE Security Update for haproxy (openSUSE-SU-2021:2975-1)
  • 751188 OpenSUSE Security Update for haproxy (openSUSE-SU-2021:1329-1)

Known Affected Configurations (CPE V2.3)

Type Vendor Product Version Update Edition Language
Operating
System
DebianDebian Linux11.0AllAllAll
ApplicationHaproxyHaproxyAllAllAllAll
ApplicationHaproxyHaproxy2.5dev0AllAll
ApplicationHaproxyHaproxy2.5dev1AllAll
ApplicationHaproxyHaproxy2.5dev2AllAll
ApplicationHaproxyHaproxy2.5dev3AllAll
ApplicationHaproxyHaproxy2.5dev4AllAll
ApplicationHaproxyHaproxy2.5dev5AllAll
ApplicationHaproxyHaproxy2.5dev6AllAll
  • cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*:
  • cpe:2.3:a:haproxy:haproxy:*:*:*:*:*:*:*:*:
  • cpe:2.3:a:haproxy:haproxy:2.5:dev0:*:*:*:*:*:*:
  • cpe:2.3:a:haproxy:haproxy:2.5:dev1:*:*:*:*:*:*:
  • cpe:2.3:a:haproxy:haproxy:2.5:dev2:*:*:*:*:*:*:
  • cpe:2.3:a:haproxy:haproxy:2.5:dev3:*:*:*:*:*:*:
  • cpe:2.3:a:haproxy:haproxy:2.5:dev4:*:*:*:*:*:*:
  • cpe:2.3:a:haproxy:haproxy:2.5:dev5:*:*:*:*:*:*:
  • cpe:2.3:a:haproxy:haproxy:2.5:dev6:*:*:*:*:*:*:

Social Mentions

Source Title Posted (UTC)
Twitter Icon @jenseckels JFrog's Security Research team strikes again. #HAProxy #DevSecOps jfrog.com/blog/critical-… 2021-09-07 18:40:43
Twitter Icon @LoriLorusso Oops we did it again! @jfrog's security found another critical vulnerability!!! Great work team! jfrog.com/blog/critical-… #DevSecOps 2021-09-07 18:42:43
Twitter Icon @opsmatters_uk The latest update for #JFrog includes "Critical Vulnerability in HAProxy (CVE-2021-40346): Integer Overflow Enables… twitter.com/i/web/status/1… 2021-09-08 01:13:50
Twitter Icon @vigilance_en [email protected] #Vulnerability of HAProxy: header injection via HTX. vigilance.fr/vulnerability/… Identifiers: #CVE-2021-40346… twitter.com/i/web/status/1… 2021-09-08 07:09:04
Twitter Icon @_r_netsec CVE-2021-40346 - Integer Overflow leads to HTTP Smuggling in HAProxy jfrog.com/blog/critical-… 2021-09-08 11:43:06
Twitter Icon @CybrXx0 CVE-2021-40346 - Integer Overflow leads to HTTP Smuggling in HAProxy via /r/netsec ift.tt/3zWb0UP #cybersecurity #netsec #news 2021-09-08 11:59:23
Twitter Icon @_0xf4n9x_ #CVE-2021-40346 HAProxy Integer Overflow Enables HTTP Request Smuggling jfrog.com/blog/critical-… 2021-09-08 12:45:41
Twitter Icon @Myinfosecfeed New post: "CVE-2021-40346 - Integer Overflow leads to HTTP Smuggling in HAProxy" ift.tt/3l8Dh4v 2021-09-08 12:48:27
Twitter Icon @lnxsec The Integer Overflow vulnerability (CVE-2021-40346) has a severity rating of 8.6 & has been rectified in #HAProxy v… twitter.com/i/web/status/1… 2021-09-08 12:52:18
Twitter Icon @NewsPlopcom Critical Vulnerability in HAProxy (CVE-2021-40346): Integer Overflow Enables HTTP Smuggling rssfeeds.cloudsite.builders/2021/09/08/cri… 2021-09-08 14:14:00
Twitter Icon @RSSFeedsCloud Critical Vulnerability in HAProxy (CVE-2021-40346): Integer Overflow Enables HTTP Smuggling rssfeeds.cloudsite.builders/2021/09/08/cri… 2021-09-08 14:14:00
Twitter Icon @QuickCartWP Critical Vulnerability in HAProxy (CVE-2021-40346): Integer Overflow Enables HTTP Smuggling rssfeeds.cloudsite.builders/2021/09/08/cri… 2021-09-08 14:14:01
Twitter Icon @sanz_bhardwaj Critical Vulnerability in HAProxy (CVE-2021-40346): Integer Overflow Enables HTTP Smuggling jfrog.com/blog/critical-… via @jfrog 2021-09-08 17:03:19
Twitter Icon @CVEreport CVE-2021-40346 : An integer overflow exists in HAProxy 2.0 through 2.5 in the htx_add_header can be exploited to… twitter.com/i/web/status/1… 2021-09-08 17:09:47
Twitter Icon @SandroBruscino Critical vulnerability in HAProxy jfrog.com/blog/critical-… #appsec bit.ly/3nfccz6 2021-09-08 17:14:59
Twitter Icon @thezerohunter HTTP Request Smuggling in HAProxy, by @jfrog/@peles_o #infosec #appsec #BugBounty jfrog.com/blog/critical-… 2021-09-08 17:15:42
Twitter Icon @UnctusM Critical Vulnerability in HAProxy (CVE-2021-40346): Integer Overflow Enables HTTP Smuggling jfrog.com/blog/critical-… 2021-09-08 17:20:59
Twitter Icon @tais9 Critical vulnerability in HAProxy | JFrog Security Research Team jfrog.com/blog/critical-… 2021-09-08 19:55:58
Twitter Icon @cKure7 ■■■■□ Critical Vulnerability in HAProxy (CVE-2021-40346): Integer Overflow Enables HTTP Smuggling jfrog.com/blog/critical-… 2021-09-08 20:55:24
Twitter Icon @rickytato jfrog.com/blog/critical-… 2021-09-08 21:08:49
Twitter Icon @WilfridBlanc #CVE-2021-40346 - Integer Overflow leads to HTTP Smuggling in HAProxy jfrog.com/blog/critical-… 2021-09-08 22:00:03
Twitter Icon @knqyf263 自分の知ってるHTTP Request Smugglingとは少し違って面白かった jfrog.com/blog/critical-… 2021-09-08 22:48:35
Twitter Icon @knqyf263 簡単に検証したので置いておきます。ACLをバイパスしてリクエストを飛ばすところは出来たけどレスポンスの受け取りには成功してないので、誰か出来たら教えて欲しい。 github.com/knqyf263/CVE-2… 2021-09-08 22:51:36
Twitter Icon @1nf0s3cpt CVE-2021-40346 - Integer Overflow leads to HTTP Smuggling in HAProxy jfrog.com/blog/critical-… 2021-09-09 01:18:16
Twitter Icon @netsecu jfrog.com/blog/critical-… Critical vulnerability in HAProxy | JFrog Security Research Team #cybersecurity 2021-09-09 02:16:11
Twitter Icon @malwaresick Critical vulnerability in HAProxy #CyberSecurity jfrog.com/blog/critical-… 2021-09-09 02:52:24
Twitter Icon @sempf Another request smuggling attack. If your scanners don't look for this, learn to check manually! 2021-09-09 03:37:12
Twitter Icon @LinInfoSec Haproxy - CVE-2021-40346: git.haproxy.org/?p=haproxy.git 2021-09-09 05:05:19
Twitter Icon @breakheist jfrog.com/blog/critical-… #HAProxy #CVE-2021-40346 #Workaround 2021-09-09 06:32:01
Twitter Icon @hkashfi Yet another way to do HTTP Smuggling, via this HAProxy issue. jfrog.com/blog/critical-… 2021-09-09 08:01:07
Twitter Icon @Lulztigre CVE-2021-40346 : Critical Vulnerability in HAProxy Integer Overflow Enables HTTP Smuggling jfrog.com/blog/critical-… 2021-09-09 09:01:47
Twitter Icon @BishwarupamSaha #HAProxy recently detected vulnerable to critical #HTTP Request Smuggling #vulnerability tracked as CVE-2021-40346,… twitter.com/i/web/status/1… 2021-09-09 09:30:36
Twitter Icon @chybeta CVE-2021-40346 HAProxy HTTP Smuggling and ACL bypass analysis 1. jfrog.com/blog/critical-… 2.… twitter.com/i/web/status/1… 2021-09-09 12:48:03
Twitter Icon @_hg8_ "HAProxy (CVE-2021-40346): Integer Overflow Enables HTTP Smuggling" -> Give it a try on your bug bounty programs ?… twitter.com/i/web/status/1… 2021-09-09 14:23:41
Twitter Icon @securestep9 Critical #Vulnerability in #HAProxy (CVE-2021-40346): Integer Overflow Enables HTTP Smuggling: #IntegerOverflow… twitter.com/i/web/status/1… 2021-09-09 14:30:23
Twitter Icon @kamihack This updates is related to: Critical Vulnerability in HAProxy (CVE-2021-40346): Integer Overflow Enables HTTP Smug… twitter.com/i/web/status/1… 2021-09-09 14:57:20
Twitter Icon @FelixEhlers #HAProxy #CVE #InfoSec jfrog.com/blog/critical-… 2021-09-09 15:22:41
Twitter Icon @ipssignatures The vuln CVE-2021-40346 has a tweet created 0 days ago and retweeted 34 times. twitter.com/chybeta/status… #pow1rtrtwwcve 2021-09-09 16:06:00
Twitter Icon @mikeforbes Nasty HAProxy buffer overflow (CVE-2021-40346) which allows HTTP Request Smuggling (ACL bypass & other shenanigans)… twitter.com/i/web/status/1… 2021-09-09 20:53:34
Twitter Icon @cyber_advising CVE-2021-40346 PoC (HAProxy HTTP Smuggling) PoC github.com/knqyf263/CVE-2… https://t.co/ieDBMIRB7K 2021-09-10 00:58:24
Twitter Icon @FreeBSDHelp HAProxy vulnerability reported by @jfrog enables HTTP request smuggling attacks (CVE-2021-40346)… twitter.com/i/web/status/1… 2021-09-10 04:34:02
Twitter Icon @Inf0Junki3 Critical vulnerability in HAProxy jfrog.com/blog/critical-… 2021-09-10 04:44:02
Twitter Icon @gebutcher Критическая уязвимость в HAProxy (CVE-2021-40346) HAProxy - широко используемый прокси-сервер и балансировщик нагру… twitter.com/i/web/status/1… 2021-09-10 05:46:56
Twitter Icon @gebutcher Критическая уязвимость в HAProxy (CVE-2021-40346) HAProxy - широко используемый прокси-сервер и балансировщик нагру… twitter.com/i/web/status/1… 2021-09-10 05:47:56
Twitter Icon @ptracesecurity CVE-2021-40346 PoC (HAProxy HTTP Smuggling) github.com/knqyf263/CVE-2… #Pentesting #CVE #CyberSecurity #Infosec https://t.co/CIiXhSdGYr 2021-09-10 06:04:01
Twitter Icon @ChrisShort Suggested Read: Critical vulnerability in HAProxy | JFrog Security Research Team jfrog.com/blog/critical-… 2021-09-10 14:27:01
Twitter Icon @ipssignatures The vuln CVE-2021-40346 has a tweet created 1 days ago and retweeted 100 times. twitter.com/chybeta/status… #pow2rtrtwwcve 2021-09-10 16:06:01
Twitter Icon @ipssignatures The vuln CVE-2021-40346 has a tweet created 0 days ago and retweeted 12 times. twitter.com/ptracesecurity… #pow1rtrtwwcve 2021-09-10 18:06:01
Twitter Icon @NowSecureMobile jfrog.com/blog/critical-… 2021-09-10 20:48:19
Twitter Icon @eyalestrin Critical Vulnerability in HAProxy (CVE-2021-40346): Integer Overflow Enables HTTP Smuggling ift.tt/3lgmAnz 2021-09-11 06:00:31
Twitter Icon @ptracesecurity CVE-2021-40346 PoC (HAProxy HTTP Smuggling) github.com/knqyf263/CVE-2… #Pentesting #CVE #WebSecurity #CyberSecurity… twitter.com/i/web/status/1… 2021-09-12 04:49:02
Twitter Icon @cKure7 ■■■■□ CVE-2021-40346 PoC (HAProxy HTTP Smuggling). github.com/knqyf263/CVE-2… 2021-09-12 04:50:47
Twitter Icon @cornichecorp knqyf263/CVE-2021-40346: CVE-2021-40346 PoC (HAProxy HTTP Smuggling) #Infosec #cybersecurity #security via… twitter.com/i/web/status/1… 2021-09-12 05:04:13
Twitter Icon @thezerohunter Critical Vulnerability in HAProxy. Integer Overflow Enables HTTP Smuggling. #appsec #Vulnerability jfrog.com/blog/critical-… 2021-09-12 10:54:12
Twitter Icon @tiivik محققان DevOps پلتفرم JFrog با کشف #آسیب_پذیری integer overflow (CVE-2021-40346) در HAProxy که یک Load balancer متن… twitter.com/i/web/status/1… 2021-09-12 15:51:41
Reddit Logo Icon /r/netsec CVE-2021-40346 - Integer Overflow leads to HTTP Smuggling in HAProxy 2021-09-08 11:36:09
Reddit Logo Icon /r/PFSENSE Does the recent critical security vulnerability disclosed in HAProxy apply to pfsense? 2021-09-08 13:54:00
Reddit Logo Icon /r/RedSec CVE-2021-40346 - Integer Overflow leads to HTTP Smuggling in HAProxy 2021-09-08 15:52:26
Reddit Logo Icon /r/blueteamsec CVE-2021-40346: HAProxy 2.0 through 2.5 request smuggling due to integer overflow allowing access to otherwise inaccessible URLs 2021-09-13 06:06:36
Reddit Logo Icon /r/Turris Turris OS 5.2.7 is released 2021-09-15 16:56:50
© CVE.report 2021 Twitter Nitter Twitter Viewer |

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registred trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.

CVE.report and Source URL Uptime Status status.cve.report