CVE-2023-0836

Published Mar 29, 2023

Last updated a year ago

Overview

Description: An information leak vulnerability was discovered in HAProxy 2.1, 2.2 before 2.2.27, 2.3, 2.4 before 2.4.21, 2.5 before 2.5.11, 2.6 before 2.6.8, 2.7 before 2.7.1. There are 5 bytes left uninitialized in the connection buffer when encoding the FCGI_BEGIN_REQUEST record. Sensitive data may be disclosed to configured FastCGI backends in an unexpected way.
Source: secalert@redhat.com
NVD status: Modified

Hype score: Not currently trending

Risk scores

CVSS 3.1

Type: Primary
Base score: 7.5
Impact score: 3.6
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Severity: HIGH

Weaknesses

nvd@nist.gov: CWE-459
secalert@redhat.com: CWE-200

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:haproxy:haproxy:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2716FE42-E573-4714-81AD-6C282F19D4DB",
            "versionEndExcluding": "2.2.27",
            "versionStartIncluding": "2.2.0"
          },
          {
            "criteria": "cpe:2.3:a:haproxy:haproxy:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A7A06FF0-94D5-4414-9089-5E8EDCF28FB2",
            "versionEndIncluding": "2.4.21",
            "versionStartIncluding": "2.4.0"
          },
          {
            "criteria": "cpe:2.3:a:haproxy:haproxy:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E793E6B3-4384-4E14-95F0-4A9764694BD7",
            "versionEndIncluding": "2.5.11",
            "versionStartIncluding": "2.5.0"
          },
          {
            "criteria": "cpe:2.3:a:haproxy:haproxy:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "403E881D-2546-4324-AD6A-C1F96D66EF7C",
            "versionEndIncluding": "2.6.8",
            "versionStartIncluding": "2.6.0"
          },
          {
            "criteria": "cpe:2.3:a:haproxy:haproxy:2.1.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B917864F-A221-453D-9A8A-A5E6F2923894"
          },
          {
            "criteria": "cpe:2.3:a:haproxy:haproxy:2.3.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "64C89E5B-9EEC-4BE8-89C2-E9908B016872"
          },
          {
            "criteria": "cpe:2.3:a:haproxy:haproxy:2.7.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C3C053BE-78C8-475F-8D2B-56FAD7B0E0D2"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Social media

Risk scores

CVSS 3.1

Weaknesses

Configurations

References