Todo #12354

open

Update haproxy-devel to mitigate CVE-2021-40346

Added by DRago_Angel [InV@DER] about 3 years ago. Updated over 2 years ago.

Status: Feedback
Priority: High
Assignee: Viktor Gurov
Category: haproxy
Target version: -
Start date:
Due date:
% Done: 0%
Estimated time:
Plus Target Version:
Description

As per https://nvd.nist.gov/vuln/detail/CVE-2021-40346, we need an update to fix "BUG/MAJOR: htx: fix missing header name length check in htx_add_header/trailer".
The HAProxy 2.2.17 changelog is available here: https://www.haproxy.org/download/2.2/src/CHANGELOG

Temporary workaround:

http-request deny if { req.hdr_cnt(content-length) gt 1 }
http-response deny if { res.hdr_cnt(content-length) gt 1 }


Files

136.diff (2.56 KB), Viktor Gurov, 10/09/2021 05:48 AM
clipboard-202205111713-miifc.png (25.5 KB), Micha Kersloot, 05/11/2022 10:13 AM