Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2023-0836

Опубликовано: 29 мар. 2023
Источник: ubuntu
Приоритет: medium
EPSS Низкий
CVSS3: 7.5

Описание

An information leak vulnerability was discovered in HAProxy 2.1, 2.2 before 2.2.27, 2.3, 2.4 before 2.4.21, 2.5 before 2.5.11, 2.6 before 2.6.8, 2.7 before 2.7.1. There are 5 bytes left uninitialized in the connection buffer when encoding the FCGI_BEGIN_REQUEST record. Sensitive data may be disclosed to configured FastCGI backends in an unexpected way.

РелизСтатусПримечание
bionic

not-affected

code not present
devel

not-affected

2.6.9-1ubuntu1
esm-infra/bionic

not-affected

code not present
esm-infra/focal

not-affected

code not present
esm-infra/xenial

not-affected

code not present
focal

not-affected

code not present
jammy

released

2.4.18-0ubuntu1.3
kinetic

released

2.4.18-1ubuntu1.3
lunar

not-affected

2.6.9-1ubuntu1
trusty

ignored

end of standard support

Показывать по

Ссылки на источники

EPSS

Процентиль: 0%
0.00005
Низкий

7.5 High

CVSS3

Связанные уязвимости

redhat логотип

CVE-2023-0836

CVSS3: 7.5
redhat
почти 3 года назад

An information leak vulnerability was discovered in HAProxy 2.1, 2.2 before 2.2.27, 2.3, 2.4 before 2.4.21, 2.5 before 2.5.11, 2.6 before 2.6.8, 2.7 before 2.7.1. There are 5 bytes left uninitialized in the connection buffer when encoding the FCGI_BEGIN_REQUEST record. Sensitive data may be disclosed to configured FastCGI backends in an unexpected way.

nvd логотип

CVE-2023-0836

CVSS3: 7.5
nvd
больше 2 лет назад

An information leak vulnerability was discovered in HAProxy 2.1, 2.2 before 2.2.27, 2.3, 2.4 before 2.4.21, 2.5 before 2.5.11, 2.6 before 2.6.8, 2.7 before 2.7.1. There are 5 bytes left uninitialized in the connection buffer when encoding the FCGI_BEGIN_REQUEST record. Sensitive data may be disclosed to configured FastCGI backends in an unexpected way.

debian логотип

CVE-2023-0836

CVSS3: 7.5
debian
больше 2 лет назад

An information leak vulnerability was discovered in HAProxy 2.1, 2.2 b ...

github логотип

GHSA-xhfw-qhxr-hjhq

CVSS3: 7.5
github
больше 2 лет назад

An information leak vulnerability was discovered in HAProxy 2.1, 2.2 before 2.2.27, 2.3, 2.4 before 2.4.21, 2.5 before 2.5.11, 2.6 before 2.6.8, 2.7 before 2.7.1. There are 5 bytes left uninitialized in the connection buffer when encoding the FCGI_BEGIN_REQUEST record. Sensitive data may be disclosed to configured FastCGI backends in an unexpected way.

oracle-oval логотип

ELSA-2023-6496

oracle-oval
почти 2 года назад

ELSA-2023-6496: haproxy security and bug fix update (MODERATE)

EPSS

Процентиль: 0%
0.00005
Низкий

7.5 High

CVSS3