An integer overflow exists in HAProxy 2.0 through 2.5 in htx_add_header that can be exploited to perform an HTTP request smuggling attack, allowing an attacker to bypass all configured http-request HAProxy ACLs and possibly other ACLs.
{ "vanir_signatures": [ { "source": "https://github.com/haproxy/haproxy/commit/3b69886f7dcc3cfb3d166309018e6cfec9ce2c95", "target": { "file": "include/haproxy/htx.h", "function": "htx_add_trailer" }, "digest": { "length": 397.0, "function_hash": "250362322674641590349589051495230156653" }, "deprecated": false, "signature_version": "v1", "id": "CVE-2021-40346-720f56ce", "signature_type": "Function" }, { "source": "https://github.com/haproxy/haproxy/commit/3b69886f7dcc3cfb3d166309018e6cfec9ce2c95", "target": { "file": "include/haproxy/htx.h", "function": "htx_add_header" }, "digest": { "length": 397.0, "function_hash": "137971134793007557031146476273999624430" }, "deprecated": false, "signature_version": "v1", "id": "CVE-2021-40346-a2320c5c", "signature_type": "Function" }, { "source": "https://github.com/haproxy/haproxy/commit/3b69886f7dcc3cfb3d166309018e6cfec9ce2c95", "target": { "file": "include/haproxy/htx.h" }, "digest": { "threshold": 0.9, "line_hashes": [ "103378957073333009210878063361820249918", "90642999860060403562236023336123966002", "87325895267160897988184542515128014985", "258426726845170808120248969356574058873", "156690178870054102966697089710863666198", "97589094008776621651354770360189691565" ] }, "deprecated": false, "signature_version": "v1", "id": "CVE-2021-40346-ff6b9c62", "signature_type": "Line" } ] }