CVE-2022-0711

Modified
Published: 02 Mar 2022, 21:59
Last modified: 02 Aug 2024, 23:40

Vulnerability Summary

Overall Risk (default): medium, 43/100
CVSS Score: 7.5 HIGH, v3.1 (nvd)
EPSS Score: 66.48% CRITICAL
KEV: Not listed
Ransomware: No reports
Public exploits: None found
Dark Web: Not detected

Timeline

  • 02 Mar 2022, 21:59 - Published: Vulnerability first disclosed
  • 02 Aug 2024, 23:40 - Last Modified: Vulnerability information updated

Description

A flaw was found in the way HAProxy processed HTTP responses containing the "Set-Cookie2" header. This flaw could allow an attacker to send crafted HTTP response packets which lead to an infinite loop, eventually resulting in a denial of service condition. The highest threat from this vulnerability is availability.

CVSS Metrics

  • v3.1 HIGH, Score: 7.5, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  • v2.0 MEDIUM, Score: 5, AV:N/AC:L/Au:N/C:N/I:N/A:P

EPSS Trends

Current EPSS score: 66.48%, Percentile: 99%

Techniques & Countermeasures

  • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop')

    The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.

Affected Systems

  • debian / debian_linux

    11.0

  • haproxy / haproxy

    ≥ 2.2.0, < 2.2.21 | ≥ 2.3.0, < 2.3.18 | ≥ 2.4.0, < 2.4.13

  • redhat / enterprise_linux

    7.0 | 8.0

  • redhat / openshift_container_platform

    4.0

  • redhat / software_collections

    na
