{"id":"AZL-50333","summary":"CVE-2024-49214 affecting package haproxy for versions less than 2.4.24-1","details":"QUIC in HAProxy 3.1.x before 3.1-dev7, 3.0.x before 3.0.5, and 2.9.x before 2.9.11 allows opening a 0-RTT session with a spoofed IP address. This can bypass the IP allow/block list functionality.","modified":"2026-04-01T05:17:30.647243Z","published":"2024-10-14T04:15:05Z","upstream":["CVE-2024-49214"],"references":[{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-49214"}],"affected":[{"package":{"name":"haproxy","ecosystem":"Azure Linux:2","purl":"pkg:rpm/azure-linux/haproxy"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.4.24-1"}]}],"database_specific":{"source":"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-50333.json"}}],"schema_version":"1.7.5"}