CVE-2019-14241

Advisory lineage Upstream: 0 Downstream: 5

Downstream

OPENSUSE-SU-2019:2555-1 OPENSUSE-SU-2019:2556-1 OPENSUSE-SU-2024:10839-1 SUSE-SU-2019:3001-1 SUSE-SU-2019:3002-1

Modified

Published: 23 Jul 2019, 12:02

Last modified:05 Aug 2024, 00:12

Vulnerability Summary

Overall Risk (default)

medium

47/100

CVSS Score

7.5 HIGH

v3.0 (nvd)

EPSS Score

37.04% HIGH

37% probability 0.00%

KEV

Not listed

Ransomware

No reports

Public exploits

1 found

Dark Web

Not detected

Timeline

23 Jul 2019, 12:02

Published

Vulnerability first disclosed

05 Aug 2024, 00:12

Last Modified

Vulnerability information updated

Description

HAProxy through 2.0.2 allows attackers to cause a denial of service (ha_panic) via vectors related to htx_manage_client_side_cookies in proto_htx.c.

CVSS Metrics

v3.0•HIGH•Score: 7.5CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
v2.0•MEDIUM•Score: 5AV:N/AC:L/Au:N/C:N/I:N/A:P

EPSS Trends

Current EPSS score: 37.04%• Percentile: 97%

Techniques & Countermeasures

CWE-835•Loop with Unreachable Exit Condition ('Infinite Loop')
The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.

Affected Systems

haproxy•haproxy
≥ 1.4, ≤ 1.9.8 | ≥ 2.0.0, ≤ 2.0.2