HAProxy, a widely used open-source load balancer and proxy server, has a critical security vulnerability that could be exploited by an adversary to smuggle HTTP requests. This could result in unauthorized access to critical data and the execution of arbitrary commands, effectively opening the door to a variety of attacks.
The integer overflow vulnerability, tracked as CVE-2021-40346, has a CVSS score of 8.6 and has been fixed in HAProxy versions 2.0.25, 2.2.17, 2.3.14, and 2.4.4.
Researchers from JFrog Security said in a report, “The attack was made possible by utilizing an integer overflow vulnerability that allowed reaching an unexpected state in HAProxy while parsing an HTTP request — specifically — in the logic that deals with Content-Length headers.”
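The bug class the researchers describe, as an added illustration that is not HAProxy's code: a naive Content-Length accumulator that silently wraps on overflow, next to a hardened parser that rejects overflow and any non-digit byte so a front-end proxy and its backend can never disagree about the body length. Function names are assumptions.

```c
#include <inttypes.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Naive accumulation: a long enough digit run wraps around, so the
 * length the proxy believes no longer matches what a backend computes. */
uint64_t naive_content_length(const char *s, size_t len)
{
    uint64_t n = 0;
    for (size_t i = 0; i < len; i++)
        n = n * 10 + (uint64_t)(s[i] - '0');   /* wraps on overflow */
    return n;
}

/* Hardened parser (constructed example): only ASCII digits, no sign,
 * whitespace or separators, and an explicit overflow check before each
 * multiply-add. Returns 0 on success and -1 on any malformed or
 * overflowing value; *out is left untouched on failure. */
int safe_content_length(const char *s, size_t len, uint64_t *out)
{
    uint64_t n = 0;
    if (len == 0)
        return -1;
    for (size_t i = 0; i < len; i++) {
        unsigned d = (unsigned char)s[i];
        if (d < '0' || d > '9')
            return -1;                          /* reject "+", " ", ",", ... */
        d -= '0';
        if (n > (UINT64_MAX - d) / 10)
            return -1;                          /* n * 10 + d would overflow */
        n = n * 10 + d;
    }
    *out = n;
    return 0;
}

int main(void)
{
    /* Constructed input: UINT64_MAX + 11 written out as decimal digits. */
    const char *big = "18446744073709551626";
    uint64_t v = 0;
    printf("naive: %" PRIu64 "\n", naive_content_length(big, 20)); /* 10 */
    printf("safe:  %d\n", safe_content_length(big, 20, &v));        /* -1 */
    return 0;
}
```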