VYPR
High severity7.5NVD Advisory· Published Mar 29, 2023· Updated Jun 17, 2026

CVE-2023-0836

CVE-2023-0836

Description

An information leak vulnerability was discovered in HAProxy 2.1, 2.2 before 2.2.27, 2.3, 2.4 before 2.4.21, 2.5 before 2.5.11, 2.6 before 2.6.8, 2.7 before 2.7.1. There are 5 bytes left uninitialized in the connection buffer when encoding the FCGI_BEGIN_REQUEST record. Sensitive data may be disclosed to configured FastCGI backends in an unexpected way.

Affected products

4
  • Haproxy/Haproxyllm-fuzzy2 versions
    2.1, 2.2 < 2.2.27, 2.3, 2.4 < 2.4.21, 2.5 < 2.5.11, 2.6 < 2.6.8, 2.7 < 2.7.1+ 1 more
    • (no CPE)range: 2.1, 2.2 < 2.2.27, 2.3, 2.4 < 2.4.21, 2.5 < 2.5.11, 2.6 < 2.6.8, 2.7 < 2.7.1
    • (no CPE)range: HAProxy 2.8, HAProxy 2.7.1, HAProxy 2.6.8, HAProxy 2.5.11, HAProxy 2.4.21, HAProxy 2.2.27
  • osv-coords2 versions
    >= 2.1.0, < 2.1.1+ 1 more
    • (no CPE)range: >= 2.1.0, < 2.1.1
    • (no CPE)range: < 2.4.22-1.el9

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.