CVE-2024-49214 MEDIUM

CVE-2024-49214

Vendor N/A
Product n/a
Published October 14, 2024
Last update October 29, 2024

CVSS base score

5.3/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality None
Integrity Low

CVSS vector

CVSS:3.1/AC:L/AV:N/A:N/C:N/I:L/PR:N/S:U/UI:N

What the vulnerability does

01Description

QUIC in HAProxy 3.1.x before 3.1-dev7, 3.0.x before 3.0.5, and 2.9.x before 2.9.11 allows opening a 0-RTT session with a spoofed IP address. This can bypass the IP allow/block list functionality.

Key dates

02Disclosure timeline

October 14, 2024 CVE published
October 29, 2024 Record updated