Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2023-0056

Опубликовано: 23 мар. 2023
Источник: nvd
CVSS3: 6.5
EPSS Низкий

Описание

An uncontrolled resource consumption vulnerability was discovered in HAProxy which could crash the service. This issue could allow an authenticated remote attacker to run a specially crafted malicious server in an OpenShift cluster. The biggest impact is to availability.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:haproxy:haproxy:-:*:*:*:*:*:*:*
cpe:2.3:a:redhat:ceph_storage:5.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:software_collections:-:*:*:*:*:*:*:*
Конфигурация 2

Одновременно

Одно из

cpe:2.3:a:redhat:openshift_container_platform:4.12:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform_for_ibm_linuxone:4.12:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform_for_power:4.12:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform_ibm_z_systems:4.12:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*
Конфигурация 3

Одно из

cpe:2.3:a:redhat:openshift_container_platform:4.10:*:*:*:*:*:arm64:*
cpe:2.3:a:redhat:openshift_container_platform:4.11:*:*:*:*:*:arm64:*
cpe:2.3:a:redhat:openshift_container_platform:4.12:*:*:*:*:*:arm64:*
Конфигурация 4

Одновременно

Одно из

cpe:2.3:a:redhat:openshift_container_platform:4.10:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform_for_ibm_linuxone:4.10:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform_for_power:4.10:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform_ibm_z_systems:4.10:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
Конфигурация 5

Одновременно

Одно из

cpe:2.3:a:redhat:openshift_container_platform:4.11:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform_for_ibm_linuxone:4.11:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform_for_power:4.11:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform_ibm_z_systems:4.11:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
Конфигурация 6

Одновременно

Одно из

cpe:2.3:a:redhat:openshift_container_platform:4.12:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform_for_ibm_linuxone:4.12:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform_for_power:4.12:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform_ibm_z_systems:4.12:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
Конфигурация 7

Одно из

cpe:2.3:a:fedoraproject:extra_packages_for_enterprise_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*

EPSS

Процентиль: 36%
0.00148
Низкий

6.5 Medium

CVSS3

Дефекты

CWE-400
CWE-400
CWE-400

Связанные уязвимости

ubuntu логотип

CVE-2023-0056

CVSS3: 6.5
ubuntu
около 2 лет назад

An uncontrolled resource consumption vulnerability was discovered in HAProxy which could crash the service. This issue could allow an authenticated remote attacker to run a specially crafted malicious server in an OpenShift cluster. The biggest impact is to availability.

redhat логотип

CVE-2023-0056

CVSS3: 4.3
redhat
больше 2 лет назад

An uncontrolled resource consumption vulnerability was discovered in HAProxy which could crash the service. This issue could allow an authenticated remote attacker to run a specially crafted malicious server in an OpenShift cluster. The biggest impact is to availability.

debian логотип

CVE-2023-0056

CVSS3: 6.5
debian
около 2 лет назад

An uncontrolled resource consumption vulnerability was discovered in H ...

suse-cvrf логотип

SUSE-SU-2023:0153-1

suse-cvrf
больше 2 лет назад

Security update for haproxy

github логотип

GHSA-43q4-pf55-3xhc

CVSS3: 6.5
github
около 2 лет назад

An uncontrolled resource consumption vulnerability was discovered in HAProxy which could crash the service. This issue could allow an authenticated remote attacker to run a specially crafted malicious server in an OpenShift cluster. The biggest impact is to availability.

EPSS

Процентиль: 36%
0.00148
Низкий

6.5 Medium

CVSS3

Дефекты

CWE-400
CWE-400
CWE-400