{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2023-0836", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "dateUpdated": "2025-02-18T16:42:03.756Z", "dateReserved": "2023-02-14T00:00:00.000Z", "datePublished": "2023-03-29T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2023-04-14T00:00:00.000Z"}, "descriptions": [{"lang": "en", "value": "An information leak vulnerability was discovered in HAProxy 2.1, 2.2 before 2.2.27, 2.3, 2.4 before 2.4.21, 2.5 before 2.5.11, 2.6 before 2.6.8, 2.7 before 2.7.1. There are 5 bytes left uninitialized in the connection buffer when encoding the FCGI_BEGIN_REQUEST record. Sensitive data may be disclosed to configured FastCGI backends in an unexpected way."}], "affected": [{"vendor": "n/a", "product": "HAProxy", "versions": [{"version": "HAProxy 2.8, HAProxy 2.7.1, HAProxy 2.6.8, HAProxy 2.5.11, HAProxy 2.4.21, HAProxy 2.2.27", "status": "affected"}]}], "references": [{"url": "https://git.haproxy.org/?p=haproxy.git%3Ba=commitdiff%3Bh=2e6bf0a"}, {"name": "DSA-5388", "tags": ["vendor-advisory"], "url": "https://www.debian.org/security/2023/dsa-5388"}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-200", "cweId": "CWE-200"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T05:24:34.530Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.haproxy.org/?p=haproxy.git%3Ba=commitdiff%3Bh=2e6bf0a", "tags": ["x_transferred"]}, {"name": "DSA-5388", "tags": ["vendor-advisory", "x_transferred"], "url": "https://www.debian.org/security/2023/dsa-5388"}]}, {"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-459", "lang": "en", "description": "CWE-459 Incomplete Cleanup"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2025-02-18T16:41:58.450731Z", "id": "CVE-2023-0836", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-18T16:42:03.756Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.haproxy.org/?p=haproxy.git%3Ba=commitdiff%3Bh=2e6bf0a", "tags": ["x_transferred"]}, {"url": "https://www.debian.org/security/2023/dsa-5388", "name": "DSA-5388", "tags": ["vendor-advisory", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T05:24:34.530Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2023-0836", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-02-18T16:41:58.450731Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-459", "description": "CWE-459 Incomplete Cleanup"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-18T16:40:23.224Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "HAProxy", "versions": [{"status": "affected", "version": "HAProxy 2.8, HAProxy 2.7.1, HAProxy 2.6.8, HAProxy 2.5.11, HAProxy 2.4.21, HAProxy 2.2.27"}]}], "references": [{"url": "https://git.haproxy.org/?p=haproxy.git%3Ba=commitdiff%3Bh=2e6bf0a"}, {"url": "https://www.debian.org/security/2023/dsa-5388", "name": "DSA-5388", "tags": ["vendor-advisory"]}], "descriptions": [{"lang": "en", "value": "An information leak vulnerability was discovered in HAProxy 2.1, 2.2 before 2.2.27, 2.3, 2.4 before 2.4.21, 2.5 before 2.5.11, 2.6 before 2.6.8, 2.7 before 2.7.1. There are 5 bytes left uninitialized in the connection buffer when encoding the FCGI_BEGIN_REQUEST record. Sensitive data may be disclosed to configured FastCGI backends in an unexpected way."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-200", "description": "CWE-200"}]}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2023-04-14T00:00:00.000Z"}}}, "cveMetadata": {"cveId": "CVE-2023-0836", "state": "PUBLISHED", "dateUpdated": "2025-02-18T16:42:03.756Z", "dateReserved": "2023-02-14T00:00:00.000Z", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "datePublished": "2023-03-29T00:00:00.000Z", "assignerShortName": "redhat"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:haproxy:haproxy:*:*:*:*:*:*:*:*", "matchCriteriaId": "2716FE42-E573-4714-81AD-6C282F19D4DB", "versionEndExcluding": "2.2.27", "versionStartIncluding": "2.2.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:haproxy:haproxy:*:*:*:*:*:*:*:*", "matchCriteriaId": "A7A06FF0-94D5-4414-9089-5E8EDCF28FB2", "versionEndIncluding": "2.4.21", "versionStartIncluding": "2.4.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:haproxy:haproxy:*:*:*:*:*:*:*:*", "matchCriteriaId": "E793E6B3-4384-4E14-95F0-4A9764694BD7", "versionEndIncluding": "2.5.11", "versionStartIncluding": "2.5.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:haproxy:haproxy:*:*:*:*:*:*:*:*", "matchCriteriaId": "403E881D-2546-4324-AD6A-C1F96D66EF7C", "versionEndIncluding": "2.6.8", "versionStartIncluding": "2.6.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:haproxy:haproxy:2.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "B917864F-A221-453D-9A8A-A5E6F2923894", "vulnerable": true}, {"criteria": "cpe:2.3:a:haproxy:haproxy:2.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "64C89E5B-9EEC-4BE8-89C2-E9908B016872", "vulnerable": true}, {"criteria": "cpe:2.3:a:haproxy:haproxy:2.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "C3C053BE-78C8-475F-8D2B-56FAD7B0E0D2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An information leak vulnerability was discovered in HAProxy 2.1, 2.2 before 2.2.27, 2.3, 2.4 before 2.4.21, 2.5 before 2.5.11, 2.6 before 2.6.8, 2.7 before 2.7.1. There are 5 bytes left uninitialized in the connection buffer when encoding the FCGI_BEGIN_REQUEST record. Sensitive data may be disclosed to configured FastCGI backends in an unexpected way."}], "id": "CVE-2023-0836", "lastModified": "2025-02-18T17:15:15.600", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2023-03-29T21:15:07.950", "references": [{"source": "secalert@redhat.com", "url": "https://git.haproxy.org/?p=haproxy.git%3Ba=commitdiff%3Bh=2e6bf0a"}, {"source": "secalert@redhat.com", "url": "https://www.debian.org/security/2023/dsa-5388"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://git.haproxy.org/?p=haproxy.git%3Ba=commitdiff%3Bh=2e6bf0a"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.debian.org/security/2023/dsa-5388"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "secalert@redhat.com", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-459"}], "source": "nvd@nist.gov", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-459"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Primary"}]}

{"acknowledgement": "Red Hat would like to thank Youfu Zhang (Chaitin Security Research Lab) for reporting this issue.", "affected_release": [{"advisory": "RHSA-2023:6496", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "haproxy-0:2.4.22-1.el9", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2023-11-07T00:00:00Z"}], "bugzilla": {"description": "haproxy: data leak via fcgi requests", "id": "2180746", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2180746"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.5", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "status": "verified"}, "cwe": "CWE-459", "details": ["An information leak vulnerability was discovered in HAProxy 2.1, 2.2 before 2.2.27, 2.3, 2.4 before 2.4.21, 2.5 before 2.5.11, 2.6 before 2.6.8, 2.7 before 2.7.1. There are 5 bytes left uninitialized in the connection buffer when encoding the FCGI_BEGIN_REQUEST record. Sensitive data may be disclosed to configured FastCGI backends in an unexpected way.", "A flaw was found in HAProxy, which could allow a remote attacker to obtain sensitive information caused by improper initialization when encoding the FCGI_BEGIN_REQUEST record. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information and use this information to launch further attacks against the affected system."], "name": "CVE-2023-0836", "package_state": [{"cpe": "cpe:/a:redhat:ceph_storage:5", "fix_state": "Affected", "package_name": "haproxy", "product_name": "Red Hat Ceph Storage 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "haproxy", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "haproxy", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/a:redhat:openshift:3.11", "fix_state": "Out of support scope", "package_name": "haproxy", "product_name": "Red Hat OpenShift Container Platform 3.11"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "package_name": "haproxy", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:rhel_software_collections:3", "fix_state": "Will not fix", "package_name": "rh-haproxy18-haproxy", "product_name": "Red Hat Software Collections"}], "public_date": "2022-12-09T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2023-0836\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-0836\nhttps://git.haproxy.org/?p=haproxy.git;a=commitdiff;h=2e6bf0a"], "statement": "Within regulated environments, a combination of the following controls acts as a significant barrier to successfully exploiting a CWE-459: Incomplete Cleanup vulnerability and therefore downgrades the severity of this particular CVE from Moderate to Low.\nThe platform's ephemeral workloads, strict lifecycle management, and automated resource cleanup routines significantly reduce the likelihood that residual data would persist in a meaningful or exploitable state. Static code analysis and peer code review techniques are used to execute robust input validation and error-handling mechanisms to ensure all user inputs are thoroughly validated, reducing the risk of DoS attacks. Event logs are collected and processed for centralization, correlation, analysis, monitoring, reporting, alerting, and retention to detect anomalies and enforce cleanup procedures.", "threat_severity": "Moderate"}