CVE-2022-0711 vulnerability in HAProxy and Other Products
Published on March 2, 2022
A flaw was found in the way HAProxy processed HTTP responses containing the "Set-Cookie2" header. This flaw could allow an attacker to send crafted HTTP response packets which lead to an infinite loop, eventually resulting in a denial of service condition. The highest threat from this vulnerability is availability.
Weakness Type
What is an Infinite Loop Vulnerability?
The program contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop. If the loop can be influenced by an attacker, this weakness could allow attackers to consume excessive resources such as CPU or memory.
CVE-2022-0711 has been classified to as an Infinite Loop vulnerability or weakness.
Products Associated with CVE-2022-0711
You can be notified by email with stack.watch whenever vulnerabilities like CVE-2022-0711 are published in these products:
Exploit Probability
EPSS
66.48%
Percentile
98.50%
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.