vulnerability
Red Hat: CVE-2023-0836: data leak via fcgi requests (Multiple Advisories)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 8 | (AV:N/AC:L/Au:N/C:C/I:N/A:N) | Mar 29, 2023 | Nov 8, 2023 | Sep 1, 2025 |
Severity
8
CVSS
(AV:N/AC:L/Au:N/C:C/I:N/A:N)
Published
Mar 29, 2023
Added
Nov 8, 2023
Modified
Sep 1, 2025
Description
An information leak vulnerability was discovered in HAProxy 2.1, 2.2 before 2.2.27, 2.3, 2.4 before 2.4.21, 2.5 before 2.5.11, 2.6 before 2.6.8, 2.7 before 2.7.1. There are 5 bytes left uninitialized in the connection buffer when encoding the FCGI_BEGIN_REQUEST record. Sensitive data may be disclosed to configured FastCGI backends in an unexpected way.
Solutions
no-fix-redhat-rpm-packageredhat-upgrade-haproxyredhat-upgrade-haproxy-debuginforedhat-upgrade-haproxy-debugsource
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.