Updated: 2025-08-20 00:08:06.279976
Description:
QUIC in HAProxy 3.1.x before 3.1-dev7, 3.0.x before 3.0.5, and 2.9.x before 2.9.11 allows opening a 0-RTT session with a spoofed IP address. This can bypass the IP allow/block list functionality.

Links: NIST, CIRCL, RHEL, Ubuntu

| CVSS version | Severity | Score |
|---|---|---|
| CVSS Version 2.x | NONE | 0.0 |
| CVSS Version 3.x | MEDIUM | 5.3 |

| OS name | Project name | Version | Score | Severity | Status | Errata | Last updated | Statement |
|---|---|---|---|---|---|---|---|---|
| CentOS 6 ELS | haproxy | 1.5.18 | 5.3 | MEDIUM | Ignored | | 2024-10-21 05:25:28 | Ignored due to low severity |
| CentOS 8.4 ELS | haproxy | 1.8.27-2 | 5.3 | MEDIUM | Ignored | | 2024-10-21 05:25:28 | Ignored due to low severity |
| CentOS 8.5 ELS | haproxy | 1.8.27-2 | 5.3 | MEDIUM | Ignored | | 2024-10-21 05:25:27 | Ignored due to low severity |
| CentOS Stream 8 ELS | haproxy | 1.8.27 | 5.3 | MEDIUM | Ignored | | 2024-10-21 05:25:28 | Ignored due to low severity |
| CloudLinux 6 ELS | haproxy | 1.5.18 | 5.3 | MEDIUM | Ignored | | 2024-10-21 05:25:28 | Ignored due to low severity |
| CloudLinux 7 ELS | haproxy | 1.5.18 | 5.3 | MEDIUM | Ignored | | 2024-10-21 05:25:28 | Ignored due to low severity |
| Oracle Linux 6 ELS | haproxy | 1.5.18 | 5.3 | MEDIUM | Ignored | | 2024-10-21 05:25:28 | Ignored due to low severity |
| Ubuntu 16.04 ELS | haproxy | 1.6.3 | 5.3 | MEDIUM | Ignored | | 2024-10-21 05:25:28 | Ignored due to low severity |
| Ubuntu 18.04 ELS | haproxy | 1.8.8 | 5.3 | MEDIUM | Ignored | | 2024-10-21 05:25:27 | Ignored due to low severity |