PT-2022-5563 · Haproxy+5 · Haproxy+5

Andrew Mcdermott

Published

2022-02-11

Updated

2025-08-12

CVE-2022-0711

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions HAProxy (affected versions not specified)

Description A flaw was found in the way HAProxy processed HTTP responses containing the Set-Cookie2 header. This flaw could allow an attacker to send crafted HTTP response packets which lead to an infinite loop, eventually resulting in a denial of service condition. The highest threat from this issue is availability.

Recommendations At the moment, there is no information about a newer version that contains a fix for this issue.

Fix

DoS

Infinite Loop

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-835

Related Identifiers

ALT-PU-2022-3040

ALT-PU-2023-1151

AZL-8899

BDU:2022-06920

BIT-HAPROXY-2022-0711

CVE-2022-0711

DSA-5102-1

OESA-2022-1578

OESA-2022-2054

OPENSUSE-SU-2022_2277-1

OPENSUSE-SU-2024:11876-1

RHSA-2022:1021

RHSA-2022:1153

RHSA-2022:1336

RHSA-2022:1620

SUSE-SU-2022:2277-1

SUSE-SU-2022_2277-1

USN-5312-1

Affected Products

Alt Linux

Astra Linux

Haproxy

Linuxmint

Suse

Ubuntu

PT-2022-5563 · Haproxy+5 · Haproxy+5

CVE-2022-0711

Weakness Enumeration

Related Identifiers

Affected Products

References · 37