Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
NA

CVE-2023-0836

Published: 29/03/2023 Updated: 07/11/2023
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 0
Subscribe to Haproxy

Vulnerability Summary

An information leak vulnerability exists in HAProxy 2.1, 2.2 prior to 2.2.27, 2.3, 2.4 prior to 2.4.21, 2.5 prior to 2.5.11, 2.6 prior to 2.6.8, 2.7 prior to 2.7.1. There are 5 bytes left uninitialized in the connection buffer when encoding the FCGI_BEGIN_REQUEST record. Sensitive data may be disclosed to configured FastCGI backends in an unexpected way.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

haproxy haproxy 2.7.0

haproxy haproxy

haproxy haproxy 2.3.0

haproxy haproxy 2.1.0

Vendor Advisories

Red Hat: Important: Red Hat Ceph Storage 6.1 security, enhancements, and bug fix update
Synopsis Important: Red Hat Ceph Storage 61 security, enhancements, and bug fix update Type/Severity Security Advisory: Important Topic Updated container image for Red Hat Ceph Storage 61 is now available in the Red Hat Ecosystem Catalog Description Red Hat Ceph Storage is a scalable, open, software-defined storage platform that combines ...
Red Hat: Moderate: haproxy security and bug fix update
Synopsis Moderate: haproxy security and bug fix update Type/Severity Security Advisory: Moderate Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for haproxy is now available for Red Hat Enterprise Linux 9Red Hat Product Security has rated this update as ...
Debian Security Advisories: DSA-5388-1 haproxy -- security update
It was reported that HAProxy, a fast and reliable load balancing reverse proxy, does not properly initialize connection buffers when encoding the FCGI_BEGIN_REQUEST record A remote attacker can take advantage of this flaw to cause an information leak For the stable distribution (bullseye), this problem has been fixed in version 229-2+deb11u5 W ...
Amazon Linux 2: ALASHAPROXY2-2023-002
An out-of-bounds read in dns_validate_dns_response in dnsc was discovered in HAProxy through 1814 Due to a missing check when validating DNS responses, remote attackers might be able read the 16 bytes corresponding to an AAAA record from the non-initialized part of the buffer, possibly accessing anything that was left on the stack, or even past ...

References

CWE-459https://www.debian.org/security/2023/dsa-5388https://git.haproxy.org/?p=haproxy.git%3Ba=commitdiff%3Bh=2e6bf0ahttps://access.redhat.com/errata/RHSA-2023:7741https://nvd.nist.govhttps://www.debian.org/security/2023/dsa-5388
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3581reflected XSSCVE-2024-26925CVE-2024-27956LFICVE-2024-3607CVE-2024-3107CVE-2024-3295SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook