CVE-2019-11323

Опубликовано: 09 мая 2019

Источник: debian

EPSS Низкий

Описание

HAProxy before 1.9.7 mishandles a reload with rotated keys, which triggers use of uninitialized, and very predictable, HMAC keys. This is related to an include/types/ssl_sock.h error.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
haproxy	not-affected			package

Примечания

Introduced in: https://git.haproxy.org/?p=haproxy.git;a=commit;h=9e7547740cc2d0a6851de8ca9ac57488bdbb8bf2
Fixed by: https://git.haproxy.org/?p=haproxy.git;a=commit;h=8ef706502aa2000531d36e4ac56dbdc7c30f718d

EPSS

Процентиль: 1%

0.00008

Низкий

Связанные уязвимости

CVE-2019-11323

CVSS3: 5.9

ubuntu

больше 6 лет назад

HAProxy before 1.9.7 mishandles a reload with rotated keys, which triggers use of uninitialized, and very predictable, HMAC keys. This is related to an include/types/ssl_sock.h error.

CVE-2019-11323

CVSS3: 5.9

redhat

почти 7 лет назад

HAProxy before 1.9.7 mishandles a reload with rotated keys, which triggers use of uninitialized, and very predictable, HMAC keys. This is related to an include/types/ssl_sock.h error.

CVE-2019-11323

CVSS3: 5.9

nvd

больше 6 лет назад

HAProxy before 1.9.7 mishandles a reload with rotated keys, which triggers use of uninitialized, and very predictable, HMAC keys. This is related to an include/types/ssl_sock.h error.

GHSA-45jj-f42x-jm68

CVSS3: 5.9

github

больше 3 лет назад

HAProxy before 1.9.7 mishandles a reload with rotated keys, which triggers use of uninitialized, and very predictable, HMAC keys. This is related to an include/types/ssl_sock.h error.

EPSS

Процентиль: 1%

0.00008

Низкий