Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2023-0836

Опубликовано: 29 мар. 2023
Источник: debian
EPSS Низкий

Описание

An information leak vulnerability was discovered in HAProxy 2.1, 2.2 before 2.2.27, 2.3, 2.4 before 2.4.21, 2.5 before 2.5.11, 2.6 before 2.6.8, 2.7 before 2.7.1. There are 5 bytes left uninitialized in the connection buffer when encoding the FCGI_BEGIN_REQUEST record. Sensitive data may be disclosed to configured FastCGI backends in an unexpected way.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
haproxyfixed2.6.8-1package
haproxynot-affectedbusterpackage

Примечания

  • https://git.haproxy.org/?p=haproxy.git;a=commit;h=2e6bf0a2722866ae0128a4392fa2375bd1f03ff8

  • https://git.haproxy.org/?p=haproxy-2.6.git;a=commit;h=f988992d16f45ef03d5bbb024a1042ed8123e4c5 (v2.6.8)

  • https://git.haproxy.org/?p=haproxy-2.2.git;a=commit;h=18575ba4e5057afdb80cc06135272889ae1fa2d1 (v2.2.27)

  • Introduced by: https://git.haproxy.org/?p=haproxy.git;a=commitdiff;h=63bbf284a131de362ad5b60d64ff3b1eff830553 (v2.1-dev2)

EPSS

Процентиль: 0%
0.00004
Низкий

Связанные уязвимости

ubuntu логотип

CVE-2023-0836

CVSS3: 7.5
ubuntu
больше 2 лет назад

An information leak vulnerability was discovered in HAProxy 2.1, 2.2 before 2.2.27, 2.3, 2.4 before 2.4.21, 2.5 before 2.5.11, 2.6 before 2.6.8, 2.7 before 2.7.1. There are 5 bytes left uninitialized in the connection buffer when encoding the FCGI_BEGIN_REQUEST record. Sensitive data may be disclosed to configured FastCGI backends in an unexpected way.

redhat логотип

CVE-2023-0836

CVSS3: 7.5
redhat
почти 3 года назад

An information leak vulnerability was discovered in HAProxy 2.1, 2.2 before 2.2.27, 2.3, 2.4 before 2.4.21, 2.5 before 2.5.11, 2.6 before 2.6.8, 2.7 before 2.7.1. There are 5 bytes left uninitialized in the connection buffer when encoding the FCGI_BEGIN_REQUEST record. Sensitive data may be disclosed to configured FastCGI backends in an unexpected way.

nvd логотип

CVE-2023-0836

CVSS3: 7.5
nvd
больше 2 лет назад

An information leak vulnerability was discovered in HAProxy 2.1, 2.2 before 2.2.27, 2.3, 2.4 before 2.4.21, 2.5 before 2.5.11, 2.6 before 2.6.8, 2.7 before 2.7.1. There are 5 bytes left uninitialized in the connection buffer when encoding the FCGI_BEGIN_REQUEST record. Sensitive data may be disclosed to configured FastCGI backends in an unexpected way.

github логотип

GHSA-xhfw-qhxr-hjhq

CVSS3: 7.5
github
больше 2 лет назад

An information leak vulnerability was discovered in HAProxy 2.1, 2.2 before 2.2.27, 2.3, 2.4 before 2.4.21, 2.5 before 2.5.11, 2.6 before 2.6.8, 2.7 before 2.7.1. There are 5 bytes left uninitialized in the connection buffer when encoding the FCGI_BEGIN_REQUEST record. Sensitive data may be disclosed to configured FastCGI backends in an unexpected way.

oracle-oval логотип

ELSA-2023-6496

oracle-oval
почти 2 года назад

ELSA-2023-6496: haproxy security and bug fix update (MODERATE)

EPSS

Процентиль: 0%
0.00004
Низкий