CVE-2023-0836
CVSS V2 None
CVSS V3 None
Description
An information leak vulnerability was discovered in HAProxy 2.1, 2.2 before 2.2.27, 2.3, 2.4 before 2.4.21, 2.5 before 2.5.11, 2.6 before 2.6.8, 2.7 before 2.7.1. There are 5 bytes left uninitialized in the connection buffer when encoding the FCGI_BEGIN_REQUEST record. Sensitive data may be disclosed to configured FastCGI backends in an unexpected way.
Overview
- CVE ID
- CVE-2023-0836
- Assigner
- secalert@redhat.com
- Vulnerability Status
- Modified
- Published Version
- 2023-03-29T21:15:07
- Last Modified Date
- 2023-04-14T04:15:18
Weakness Enumerations
CPE Configuration (Product)
| CPE | Vulnerable | Operator | Version Start | Version End |
|---|---|---|---|---|
| cpe:2.3:a:haproxy:haproxy:*:*:*:*:*:*:*:* | 1 | OR | 2.2.0 | 2.2.27 |
| cpe:2.3:a:haproxy:haproxy:*:*:*:*:*:*:*:* | 1 | OR | 2.4.0 | 2.4.21 |
| cpe:2.3:a:haproxy:haproxy:*:*:*:*:*:*:*:* | 1 | OR | 2.5.0 | 2.5.11 |
| cpe:2.3:a:haproxy:haproxy:*:*:*:*:*:*:*:* | 1 | OR | 2.6.0 | 2.6.8 |
| cpe:2.3:a:haproxy:haproxy:2.1.0:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:a:haproxy:haproxy:2.3.0:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:a:haproxy:haproxy:2.7.0:*:*:*:*:*:*:* | 1 | OR |
References
| Reference URL | Reference Tags |
|---|---|
| https://git.haproxy.org/?p=haproxy.git;a=commitdiff;h=2e6bf0a | Mailing List Patch |
| https://www.debian.org/security/2023/dsa-5388 |
Sources
| Source Name | Source URL |
|---|---|
| NIST | https://nvd.nist.gov/vuln/detail/CVE-2023-0836 |
| MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0836 |
History
| Created | Old Value | New Value | Data Type | Notes |
|---|---|---|---|---|
| 2023-04-17 03:53:52 | Added to TrackCVE | |||
| 2023-04-17 03:53:55 | Weakness Enumeration | new |