Unrated severityNVD Advisory· Published Mar 29, 2023· Updated Feb 18, 2025

CVE-2023-0836

Description

An information leak vulnerability was discovered in HAProxy 2.1, 2.2 before 2.2.27, 2.3, 2.4 before 2.4.21, 2.5 before 2.5.11, 2.6 before 2.6.8, 2.7 before 2.7.1. There are 5 bytes left uninitialized in the connection buffer when encoding the FCGI_BEGIN_REQUEST record. Sensitive data may be disclosed to configured FastCGI backends in an unexpected way.

Affected products

osv-coords2 versions
pkg:bitnami/haproxy pkg:rpm/almalinux/haproxy
>= 2.1.0, < 2.1.1+ 1 more
- (no CPE)range: >= 2.1.0, < 2.1.1
- (no CPE)range: < 2.4.22-1.el9
Haproxy/Haproxyv5
Range: HAProxy 2.8, HAProxy 2.7.1, HAProxy 2.6.8, HAProxy 2.5.11, HAProxy 2.4.21, HAProxy 2.2.27

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.debian.org/security/2023/dsa-5388mitrevendor-advisory
git.haproxy.orgmitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000