vulnerability
CentOS Linux: CVE-2023-0836: Moderate: haproxy security and bug fix update (CESA-2023:6496)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 8 | (AV:N/AC:L/Au:N/C:C/I:N/A:N) | Mar 29, 2023 | Nov 8, 2023 | Jan 28, 2025 |
Severity
8
CVSS
(AV:N/AC:L/Au:N/C:C/I:N/A:N)
Published
Mar 29, 2023
Added
Nov 8, 2023
Modified
Jan 28, 2025
Description
An information leak vulnerability was discovered in HAProxy 2.1, 2.2 before 2.2.27, 2.3, 2.4 before 2.4.21, 2.5 before 2.5.11, 2.6 before 2.6.8, 2.7 before 2.7.1. There are 5 bytes left uninitialized in the connection buffer when encoding the FCGI_BEGIN_REQUEST record. Sensitive data may be disclosed to configured FastCGI backends in an unexpected way.
Solutions
centos-upgrade-haproxycentos-upgrade-haproxy-debuginfocentos-upgrade-haproxy-debugsource
References
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.