{
  "threat_severity" : "Important",
  "public_date" : "2024-09-04T15:15:14Z",
  "bugzilla" : {
    "description" : "haproxy: potential infinite loop condition in the h2_send() may trigger a DoS",
    "id" : "2309732",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2309732"
  },
  "cvss3" : {
    "cvss3_base_score" : "7.5",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
    "status" : "draft"
  },
  "cwe" : "CWE-835",
  "details" : [ "HAProxy 2.9.x before 2.9.10, 3.0.x before 3.0.4, and 3.1.x through 3.1-dev6 allows a remote denial of service for HTTP/2 zero-copy forwarding (h2_send loop) under a certain set of conditions, as exploited in the wild in 2024.", "A flaw was found in HAProxy. An issue in the HTTP/2 multiplexer, combined with the zero-copy forwarding system, allows remote attackers, under very rare conditions, to trigger an endless loop and cause a denial of service." ],
  "statement" : "The severity of this vulnerability has been raised to Important due to preliminary evidence from the upstream HAProxy project that it has been exploited in one case. Without this detail, the technical risk from this type of denial of service would have been rated Moderate.\nThis issue can only be triggered when zero-copy forwarding of data is enabled. See the mitigation section for how to disable this mechanism.\nThe HAProxy package as shipped in Red Hat Enterprise Linux 7, 8, 9, in Red Hat Ceph Storage 5 and in Red Hat OpenShift Container Platform 3.11 and 4 is not affected by this vulnerability because these products do not ship a vulnerable version of HAProxy.",
  "package_state" : [ {
    "product_name" : "Red Hat Ceph Storage 5",
    "fix_state" : "Not affected",
    "package_name" : "haproxy",
    "cpe" : "cpe:/a:redhat:ceph_storage:5"
  }, {
    "product_name" : "Red Hat Enterprise Linux 10",
    "fix_state" : "Not affected",
    "package_name" : "haproxy",
    "cpe" : "cpe:/o:redhat:enterprise_linux:10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "haproxy",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "haproxy",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Not affected",
    "package_name" : "haproxy",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  }, {
    "product_name" : "Red Hat OpenShift Container Platform 3.11",
    "fix_state" : "Not affected",
    "package_name" : "haproxy",
    "cpe" : "cpe:/a:redhat:openshift:3.11"
  }, {
    "product_name" : "Red Hat OpenShift Container Platform 4",
    "fix_state" : "Not affected",
    "package_name" : "haproxy",
    "cpe" : "cpe:/a:redhat:openshift:4"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2024-45506\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-45506\nhttps://git.haproxy.org/?p=haproxy-3.0.git;a=commitdiff;h=c725db17e8416ffb3c1537aea756356228ce5e3c\nhttps://git.haproxy.org/?p=haproxy-3.0.git;a=commitdiff;h=d636e515453320c6e122c313c661a8ac7d387c7f\nhttps://www.haproxy.com/blog/cve-2024-45506\nhttps://www.mail-archive.com/haproxy%40formilux.org/msg45280.html\nhttps://www.mail-archive.com/haproxy%40formilux.org/msg45281.html" ],
  "name" : "CVE-2024-45506",
  "mitigation" : {
    "value" : "Disable the zero-copy forwarding system to mitigate this issue. Add the following configuration directive in the global section:\n~~~\nglobal\n...\ntune.h2.zero-copy-fwd-send off\n~~~",
    "lang" : "en:us"
  },
  "csaw" : false
}