What is CVE-2022-0711?

CVE-2022-0711 is a vulnerability in Haproxy, classified under Loop with Unreachable Exit Condition (Infinite Loop). Published 2022-03-02.

Is CVE-2022-0711 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Haproxy

CVE-2022-0711

A flaw was found in the way HAProxy processed HTTP responses containing the "Set-Cookie2" header. This flaw could allow an attacker to send crafted HTTP response packets which lead to an infinite loop, eventually resulting in a denial of s…

EPSS: 0.665 (98.6th percentile) — read the EPSS interpretation.

Affected products

N/a Haproxy — versions 2.5.1

Weakness classification (CWE)

CWE-835 — Loop with Unreachable Exit Condition (Infinite Loop)

Public proof-of-concept exploits

ARPSyndicate/cvemon

References

access.redhat.com/security/cve/cve-2022-0711 (x_refsource_MISC)
www.mail-archive.com/haproxy@formilux.org/msg41833.html (x_refsource_MISC)
github.com/haproxy/haproxy/commit/bfb15ab34ead85f64cd6da0e9fb418c9cd14cee8 (x_refsource_MISC)
DSA-5102 (vendor-advisory, x_refsource_DEBIAN)

Frequently asked questions

What is CVE-2022-0711?: CVE-2022-0711 is a vulnerability in Haproxy, classified under Loop with Unreachable Exit Condition (Infinite Loop). Published 2022-03-02.
Is CVE-2022-0711 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.