CVE-2024-45506

7.5 HIGH (CVSS 3.1: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H, availability impact only)

📋 TL;DR

A bug in HAProxy's HTTP/2 multiplexer (mux-h2, src/mux_h2.c) lets a remote, unauthenticated client drive the h2_send function into an endless loop when zero-copy forwarding is in use, pinning a worker thread at 100% CPU and denying service to all traffic handled by that process. Affected: HAProxy 2.9.x before 2.9.10, 3.0.x before 3.0.4, and 3.1 development snapshots through 3.1-dev6. HTTP/2 must be enabled on the affected listener or backend for the code path to be reachable; zero-copy forwarding, the other precondition, is on by default in these versions.

💻 Affected Systems

Products:
  • HAProxy
Versions: 2.9.x before 2.9.10, 3.0.x before 3.0.4, 3.1 development snapshots through 3.1-dev6 (2.8 and earlier predate zero-copy forwarding and are not affected)
Operating Systems: All platforms running HAProxy
Default Config Vulnerable: ✅ No
Notes: HTTP/2 is not enabled in a default configuration; it must be negotiated via 'alpn h2' on a TLS bind line, forced with 'proto h2', or used towards servers. Zero-copy forwarding, the second precondition, is enabled by default in 2.9 and later, so any HTTP/2-enabled listener or server on an affected version should be treated as exposed.

📦 What is this software?

HAProxy is a widely deployed open-source TCP/HTTP load balancer and reverse proxy. It typically sits at the network edge, terminating TLS and negotiating HTTP/2 with clients via ALPN, which is exactly the component (the H2 multiplexer) this bug lives in.

⚠️ Risk & Real-World Impact

🔴

Worst Case

A worker process stuck in the endless loop, or aborted by HAProxy's watchdog once it detects the stuck thread, stops serving every frontend and backend it handles until it is restarted: a complete outage of the affected load balancer and of all services behind it

🟠

Likely Case

Service degradation, or repeated worker aborts and restarts, affecting HTTP/2 traffic specifically for as long as the triggering traffic keeps arriving

🟢

If Mitigated

Minimal impact if HTTP/2 is disabled or patched versions are deployed

🌐 Internet-Facing: HIGH - Remote unauthenticated exploitation possible against internet-facing HAProxy instances
🏢 Internal Only: MEDIUM - Internal attackers could disrupt internal load balancing services

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: CONFIRMED
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Listed here as exploited in the wild during 2024; the triggering HTTP/2 frame sequence has not been publicly documented and no public PoC is known, so detection relies on the symptoms listed below rather than on a traffic signature.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.9.10 (2.9 branch), 3.0.4 (3.0 branch), or a 3.1 development snapshot later than 3.1-dev6

Vendor Advisory: https://www.haproxy.org/

Restart Required: Yes, the running binary must be replaced. In master-worker mode a reload (e.g. 'systemctl reload haproxy') is sufficient: the master re-executes itself with the new binary and starts fresh workers without dropping established connections.

Instructions:

1. Obtain the fixed release from your distribution's package repository, or download the source from haproxy.org and build it with the same build options as the running binary ('haproxy -vv' lists them).
2. Install the new binary. The existing configuration does not need to be replaced; this fix changes no configuration syntax.
3. Validate the configuration against the new binary before reloading: 'haproxy -c -f /etc/haproxy/haproxy.cfg'.
4. Reload or restart the service, then confirm with 'haproxy -v' and by checking that the running process is the new binary.

🔧 Temporary Workarounds

Disable HTTP/2

Applies to: all platforms

Remove HTTP/2 from the protocols HAProxy will speak, so the H2 multiplexer (and therefore h2_send) is never instantiated. This costs HTTP/2 multiplexing for clients but removes the vulnerable code path entirely.

Edit the HAProxy config: on TLS bind lines drop 'h2' from the 'alpn' list (for example 'alpn h2,http/1.1' becomes 'alpn http/1.1'); on clear-text bind lines remove 'proto h2'. Do the same on 'server' and 'default-server' lines if HTTP/2 is used towards backends, since the send path exists on both sides. Reload HAProxy afterwards.

Disable zero-copy forwarding

Applies to: all platforms

Turn off the zero-copy forwarding optimisation that the bug depends on. HTTP/2 keeps working, at the cost of an extra data copy per forwarded chunk.

Add 'tune.h2.zero-copy-fwd-send off' (disables it for the HTTP/2 send side only) or 'tune.disable-zero-copy-forwarding' (disables it for every multiplexer) to the global section. These are global tunables, not bind-line options, and take effect on reload.

🧯 If You Can't Patch

  • Terminate HTTP/2 upstream: if a WAF, CDN or other reverse proxy already sits in front of HAProxy, have it speak HTTP/1.1 to HAProxy so the H2 multiplexer is never used. A WAF that merely passes HTTP/2 through adds no protection, because the trigger is valid HTTP/2 traffic rather than a recognisable payload.
  • Apply connection and rate limits ('maxconn' on the bind line, per-source limits via a stick table) to slow down repeated triggering, but treat them as damage control: a single connection can pin a thread, so limits do not prevent the outage.
  • Alert on watchdog aborts and worker restarts (see Detection & Monitoring) so an attack is noticed within minutes rather than when users complain.

🔍 How to Verify

Check if Vulnerable:

Run 'haproxy -v' and compare the version with the affected ranges. Then check the configuration for any 'bind', 'server' or 'default-server' line that enables HTTP/2 (an 'alpn' list containing 'h2', or 'proto h2'). Zero-copy forwarding is on unless 'tune.h2.zero-copy-fwd-send off' or 'tune.disable-zero-copy-forwarding' appears in the global section. All three conditions together mean the instance is vulnerable.

Check Version:

haproxy -v

Verify Fix Applied:

Verify the version actually serving traffic (the running process, not only the binary on disk, since a reload is needed to pick up a new build) is 2.9.10 or later on the 2.9 branch, 3.0.4 or later on the 3.0 branch, or a 3.1 build later than 3.1-dev6.
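The version and configuration checks above, and the two workaround directives from the Temporary Workarounds section, as one added worked example. This is not code from the HAProxy project or from this advisory: it parses the first line of 'haproxy -v', applies the affected ranges listed on this page, and inspects the configuration for HTTP/2 being enabled and for the zero-copy tunables being turned off. The banner and the three configuration variants (exposed, mitigated with 'tune.h2.zero-copy-fwd-send off', and HTTP/1.1-only) are constructed sample data, and the function names are the example's own.

```shell
#!/bin/sh
# Added example (not from the HAProxy project or this advisory): classify a host
# as exposed to CVE-2024-45506 from the output of `haproxy -v` and the contents
# of its configuration. Version ranges are the ones listed on this page; the
# directives checked are HAProxy's own ('alpn', 'proto', and the global
# 'tune.h2.zero-copy-fwd-send' / 'tune.disable-zero-copy-forwarding' tunables).
# All sample input below is constructed for the demo.

# Pull the version token out of the first line of `haproxy -v`, e.g.
# "HAProxy version 3.0.3-95a607c 2024/07/11 - https://haproxy.org/" -> "3.0.3-95a607c".
haproxy_version_from_banner() {
    printf '%s\n' "$1" | sed -n 's/^HA-\{0,1\}Proxy version \([^ ]*\).*/\1/p'
}

# Exit 0 (true) when the version falls in an affected range:
# 2.9.x < 2.9.10, 3.0.x < 3.0.4, 3.1-dev0 .. 3.1-dev6. A trailing "-<commit>" is ignored.
haproxy_version_affected() {
    ver="$1"
    case "$ver" in
        2.9.*)    n="${ver#2.9.}";    n="${n%%[!0-9]*}"; [ "${n:-0}" -lt 10 ] ;;
        3.0.*)    n="${ver#3.0.}";    n="${n%%[!0-9]*}"; [ "${n:-0}" -lt 4 ] ;;
        3.1-dev*) n="${ver#3.1-dev}"; n="${n%%[!0-9]*}"; [ "${n:-0}" -le 6 ] ;;
        *)        return 1 ;;   # 2.8 and earlier, 3.1-dev7+, 3.1.x releases
    esac
}

# Exit 0 when any bind/server/default-server line negotiates ('alpn ... h2 ...')
# or forces ('proto h2') HTTP/2. Comment lines do not match because of the anchor.
config_enables_h2() {
    printf '%s\n' "$1" | grep -Eq \
        '^[[:space:]]*(bind|server|default-server)[[:space:]].*(alpn[[:space:]]+[^[:space:]]*h2|proto[[:space:]]+h2([[:space:]]|$))'
}

# Exit 0 when the global section turns zero-copy forwarding off for the H2 mux
# (or for every mux), which removes the vulnerable code path.
config_disables_h2_zero_copy() {
    printf '%s\n' "$1" | grep -Eq \
        '^[[:space:]]*(tune\.disable-zero-copy-forwarding|tune\.h2\.zero-copy-fwd-send[[:space:]]+off)([[:space:]]|$)'
}

# Combine the checks. Exits 0 and prints VULNERABLE only when all preconditions hold.
assess() {
    ver=$(haproxy_version_from_banner "$1")
    if ! haproxy_version_affected "$ver"; then
        echo "not affected: version ${ver:-unknown} is outside the affected ranges"; return 1
    fi
    if ! config_enables_h2 "$2"; then
        echo "not exposed: $ver is affected but HTTP/2 is not enabled"; return 1
    fi
    if config_disables_h2_zero_copy "$2"; then
        echo "mitigated: $ver with HTTP/2, but zero-copy forwarding is disabled"; return 1
    fi
    echo "VULNERABLE: $ver with HTTP/2 and zero-copy forwarding enabled"; return 0
}

# Constructed sample input (not captured from any real host).
SAMPLE_BANNER='HAProxy version 3.0.3-95a607c 2024/07/11 - https://haproxy.org/'

SAMPLE_CFG_EXPOSED='global
    log stdout format raw local0

frontend fe_https
    bind :443 ssl crt /etc/haproxy/certs/site.pem alpn h2,http/1.1
    default_backend be_app

backend be_app
    server app1 10.0.0.10:8080'

# Workaround 2 from this page: same config, zero-copy sends disabled for the H2 mux.
SAMPLE_CFG_MITIGATED='global
    log stdout format raw local0
    tune.h2.zero-copy-fwd-send off

frontend fe_https
    bind :443 ssl crt /etc/haproxy/certs/site.pem alpn h2,http/1.1
    default_backend be_app

backend be_app
    server app1 10.0.0.10:8080'

# Workaround 1 from this page: h2 removed from the ALPN list.
SAMPLE_CFG_H1_ONLY=$(printf '%s\n' "$SAMPLE_CFG_EXPOSED" | sed 's/alpn h2,http\/1.1/alpn http\/1.1/')

assess "$SAMPLE_BANNER" "$SAMPLE_CFG_EXPOSED"   || :
assess "$SAMPLE_BANNER" "$SAMPLE_CFG_MITIGATED" || :
assess "$SAMPLE_BANNER" "$SAMPLE_CFG_H1_ONLY"   || :
```

On a real host run `assess "$(haproxy -v)" "$(cat /etc/haproxy/haproxy.cfg)"`; the exit status is 0 only when all three preconditions hold, so it can gate a fleet-wide inventory job. The configuration check is a line-level heuristic: it does not follow multiple '-f' files or directories, so run it over every configuration file the service actually loads.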

📡 Detection & Monitoring

Log Indicators:

  • Watchdog aborts: a thread stuck in the loop is normally caught by HAProxy's watchdog, which logs a line of the form "Thread 1 is about to kill the process." followed by a thread dump, after which the process aborts
  • In master-worker mode, the master reporting a worker that exited abnormally (non-zero exit status, typically from SIGABRT), and unusual restart patterns of the haproxy service
  • Rising error rates or timeouts specifically on HTTP/2 connections

Network Indicators:

  • Floods of HTTP/2 connections to affected listeners
  • Abnormal HTTP/2 frame sequences from a single source (the exact trigger is not public, so there is no signature to match; look for anomalies rather than a known pattern)

Host Indicators:

  • A haproxy thread at 100% CPU while throughput drops, before the watchdog fires

SIEM Query:

source="haproxy.log" AND ("fatal" OR "emerg" OR "alert" OR "crit" OR "about to kill the process")
