Vulnerability Database

289,599

Total vulnerabilities in the database

CVE-2024-45506

HAProxy 2.9.x before 2.9.10, 3.0.x before 3.0.4, and 3.1.x through 3.1-dev6 allows a remote denial of service for HTTP/2 zero-copy forwarding (h2_send loop) under a certain set of conditions, as exploited in the wild in 2024.

  • Published: Sep 4, 2024
  • Updated: May 4, 2025
  • CVE: CVE-2024-45506
  • Severity: High
  • Exploit:

CVSS v3:

  • Severity: High
  • Score: 7.5
  • AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

No CWE or OWASP classifications available.

Software From Fixed in
haproxy / haproxy 3.0.0 3.0.4
haproxy / haproxy 2.9.0 2.9.10
haproxy / haproxy 3.1-dev1 3.1-dev1.x
haproxy / haproxy 3.1-dev2 3.1-dev2.x
haproxy / haproxy 3.1-dev3 3.1-dev3.x
haproxy / haproxy 3.1-dev4 3.1-dev4.x
haproxy / haproxy 3.1-dev0 3.1-dev0.x
haproxy / haproxy 3.1-dev5 3.1-dev5.x