CVE-2023-0836

CVE Database · CVE-2023-0836

CVE-2023-0836

· HIGHModified

CVSS v3.1

7.5

EPSS

1.20%

Published

Mar 29, 2023

Modified

Feb 18, 2025

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

An information leak vulnerability was discovered in HAProxy 2.1, 2.2 before 2.2.27, 2.3, 2.4 before 2.4.21, 2.5 before 2.5.11, 2.6 before 2.6.8, 2.7 before 2.7.1. There are 5 bytes left uninitialized in the connection buffer when encoding the FCGI_BEGIN_REQUEST record. Sensitive data may be disclosed to configured FastCGI backends in an unexpected way.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Weaknesses (CWE)

CWE-200CWE-459CWE-459

Affected Products (7)

haproxy · haproxy (up to 2.2.27)vulnerable

haproxy · haproxyvulnerable

References (4)

https://git.haproxy.org/?p=haproxy.git%3Ba=commitdiff%3Bh=2e6bf0a

https://www.debian.org/security/2023/dsa-5388

https://git.haproxy.org/?p=haproxy.git%3Ba=commitdiff%3Bh=2e6bf0a

https://www.debian.org/security/2023/dsa-5388

KEV Catalog EPSS Scores Vendors All CVEs