CVE-2021-40346
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2021-40346
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
An integer overflow exists in HAProxy 2.0 through 2.5 in htx_add_header that can be exploited to perform an HTTP request smuggling attack, allowing an attacker to bypass all configured http-request HAProxy ACLs and possibly other ACLs.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Haproxy HAProxy 输入验证错误漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Haproxy HAProxy是法国HAProxy(Haproxy)公司的一款开源的TCP/HTTP负载均衡服务器。该服务器提供4层、7层代理,并能支持上万级别的连接,具有高效、稳定等特点。 HAProxy 存在输入验证错误漏洞,该漏洞源于 HAProxy 中的 htx_add_header() 和 htx_add_trailer() 函数中缺少标头名称长度检查可能会导致请求走私攻击或响应拆分攻击。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Shenlong Deep Dive — AI Deep Analysis
10-question deep dive: root cause, exploitation, mitigation, urgency. Read summary free, full version requires login.
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| - | n/a | n/a | - |
II. Public POCs for CVE-2021-40346
| # | POC Description | Source Link | Shenlong Link |
|---|---|---|---|
| 1 | CVE-2021-40346 PoC (HAProxy HTTP Smuggling) | https://github.com/knqyf263/CVE-2021-40346 | POC Details |
| 2 | CVE-2021-40346 integer overflow enables http smuggling | https://github.com/donky16/CVE-2021-40346-POC | POC Details |
| 3 | None | https://github.com/alikarimi999/CVE-2021-40346 | POC Details |
| 4 | HAProxy CVE-2021-40346 | https://github.com/Vulnmachines/HAProxy_CVE-2021-40346 | POC Details |
| 5 | CVE-2021-40346 - HaProxy HTTP request smuggling through integer overflow | https://github.com/alexOarga/CVE-2021-40346 | POC Details |
| 6 | HTTP Request Smuggling | https://github.com/BoianEduard/CVE-2021-40346 | POC Details |
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2021-40346
请登录查看更多情报信息。
- https://git.haproxy.org/?p=haproxy.gitx_refsource_MISC
- https://www.mail-archive.com/haproxy%40formilux.orgx_refsource_MISC
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MXTSBY2TEAXWZVFQM3CXHJFRONX7PEMN/vendor-advisoryx_refsource_FEDORA
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A7V2IYO22LWVBGUNZWVKNTMDV4KINLFO/vendor-advisoryx_refsource_FEDORA
- https://nvd.nist.gov/vuln/detail/CVE-2021-40346
Same Patch Batch · n/a · 2021-09-08 · 19 CVEs total
| CVE-2021-23404 | 7.6 HIGH | Cross-site Request Forgery (CSRF) |
| CVE-2021-31274 | Librenms 跨站脚本漏洞 | |
| CVE-2021-40818 | Glewlwyd SSO server 缓冲区错误漏洞 | |
| CVE-2021-40814 | Prestashop SQL注入漏洞 | |
| CVE-2021-36440 | ShowDoc 代码问题漏洞 | |
| CVE-2020-26772 | PPGo_Job 操作系统命令注入漏洞 | |
| CVE-2020-19138 | DotCMS 代码问题漏洞 | |
| CVE-2020-19137 | Autumn 安全漏洞 | |
| CVE-2021-40797 | OpenStack 安全漏洞 | |
| CVE-2021-40537 | owncloud 代码问题漏洞 | |
| CVE-2021-21996 | Saltstack SaltStack Salt 安全漏洞 | |
| CVE-2021-33982 | Fish Hunt FL 代码问题漏洞 | |
| CVE-2021-33981 | Fish Hunt FL 信息泄露漏洞 | |
| CVE-2021-21897 | Ribbonsoft dxflib 数字错误漏洞 | |
| CVE-2021-22004 | SaltStack Salt竞争条件问题漏洞 | |
| CVE-2021-36695 | Deskpro 跨站脚本漏洞 | |
| CVE-2021-40377 | Smartertools SmarterTools SmarterMail 跨站脚本漏洞 | |
| CVE-2021-40812 | GD Graphics Library 缓冲区错误漏洞 |
IV. Related Vulnerabilities
Same vendor: n/a
- CVE-2026-8276
bettercap MySQL Server mysql_server.go integer coercion - CVE-2026-8275
bettercap zerogod IPP Service zerogod_ipp_primitives.go ippR - CVE-2026-8270
Open5GS SMF ogs_nas_parse_qos_rules denial of service - CVE-2026-8269
Open5GS SMF smf_nsmf_handle_create_sm_context denial of serv - CVE-2026-8268
Open5GS SMF OpenAPI_list_create denial of service
V. Comments for CVE-2021-40346
No comments yet