CVE-2022-0711

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2022-0711
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-0711.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2022-0711
Aliases
Downstream
Related
Published
2022-03-02T22:15:08.313Z
Modified
2026-02-12T07:39:52.495699Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

A flaw was found in the way HAProxy processed HTTP responses containing the "Set-Cookie2" header. This flaw could allow an attacker to send crafted HTTP response packets which lead to an infinite loop, eventually resulting in a denial of service condition. The highest threat from this vulnerability is availability.

References

Affected packages

Git
git.haproxy.org/haproxy-2.2.git

Affected ranges

Type
GIT
Repo
https://git.haproxy.org/haproxy-2.2.git
Events
Introduced
3a00c915fd241fc398a080a11ccac9c5c46791ce
Fixed
d8e6e4b63fc323c98f9bdd6d160a20bce0d02770

Affected versions

v2.*
v2.2.0
v2.2.1
v2.2.10
v2.2.11
v2.2.12
v2.2.13
v2.2.14
v2.2.15
v2.2.16
v2.2.17
v2.2.18
v2.2.19
v2.2.2
v2.2.20
v2.2.3
v2.2.4
v2.2.5
v2.2.6
v2.2.7
v2.2.8
v2.2.9

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-0711.json"
git.haproxy.org/haproxy-2.3.git

Affected ranges

Type
GIT
Repo
https://git.haproxy.org/haproxy-2.3.git
Events
Introduced
1c0a722a83e7c45456a2b82c15889ab9ab5c4948
Fixed
55c4c21958ebeb5ecb23aa404bafc5d558e4a0d7

Affected versions

v2.*
v2.3.0
v2.3.1
v2.3.10
v2.3.11
v2.3.12
v2.3.13
v2.3.14
v2.3.15
v2.3.16
v2.3.17
v2.3.2
v2.3.3
v2.3.4
v2.3.5
v2.3.6
v2.3.7
v2.3.8
v2.3.9

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-0711.json"
github.com/haproxy/haproxy

Affected ranges

Type
GIT
Repo
https://github.com/haproxy/haproxy
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
bfb15ab34ead85f64cd6da0e9fb418c9cd14cee8
Introduced
6cbbecf09734aeb5fa8bb88f36f06a6f6d35e813
Fixed
09cc669afb35fa362c9e42ab42c85f21cbdecd9d

Affected versions

v2.*
v2.4.0
v2.5-dev0
v2.5-dev1
v2.5-dev10
v2.5-dev11
v2.5-dev12
v2.5-dev13
v2.5-dev14
v2.5-dev15
v2.5-dev2
v2.5-dev3
v2.5-dev4
v2.5-dev5
v2.5-dev6
v2.5-dev7
v2.5-dev8
v2.5-dev9
v2.5.0
v2.6-dev0
v2.6-dev1

Database specific

vanir_signatures 
[
    {
        "signature_type": "Line",
        "source": "https://github.com/haproxy/haproxy/commit/bfb15ab34ead85f64cd6da0e9fb418c9cd14cee8",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "337496346880649468093710429442135291026",
                "100471815415007832791994411618091627129",
                "319132254654960409829937430810655726392",
                "322735852155913190660686993841847730435"
            ]
        },
        "target": {
            "file": "src/http_ana.c"
        },
        "id": "CVE-2022-0711-639036d4",
        "deprecated": false,
        "signature_version": "v1"
    },
    {
        "signature_type": "Function",
        "source": "https://github.com/haproxy/haproxy/commit/bfb15ab34ead85f64cd6da0e9fb418c9cd14cee8",
        "digest": {
            "function_hash": "98329939681248038118576851848161614349",
            "length": 3914.0
        },
        "target": {
            "file": "src/http_ana.c",
            "function": "http_manage_server_side_cookies"
        },
        "id": "CVE-2022-0711-b396e60b",
        "deprecated": false,
        "signature_version": "v1"
    }
]
source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-0711.json"