High severity7.5NVD Advisory· Published Mar 29, 2023· Updated Jun 17, 2026
CVE-2023-0836
CVE-2023-0836
Description
An information leak vulnerability was discovered in HAProxy 2.1, 2.2 before 2.2.27, 2.3, 2.4 before 2.4.21, 2.5 before 2.5.11, 2.6 before 2.6.8, 2.7 before 2.7.1. There are 5 bytes left uninitialized in the connection buffer when encoding the FCGI_BEGIN_REQUEST record. Sensitive data may be disclosed to configured FastCGI backends in an unexpected way.
Affected products
42.1, 2.2 < 2.2.27, 2.3, 2.4 < 2.4.21, 2.5 < 2.5.11, 2.6 < 2.6.8, 2.7 < 2.7.1+ 1 more
- (no CPE)range: 2.1, 2.2 < 2.2.27, 2.3, 2.4 < 2.4.21, 2.5 < 2.5.11, 2.6 < 2.6.8, 2.7 < 2.7.1
- (no CPE)range: HAProxy 2.8, HAProxy 2.7.1, HAProxy 2.6.8, HAProxy 2.5.11, HAProxy 2.4.21, HAProxy 2.2.27
- osv-coords2 versions
>= 2.1.0, < 2.1.1+ 1 more
- (no CPE)range: >= 2.1.0, < 2.1.1
- (no CPE)range: < 2.4.22-1.el9
Patches
Vulnerability mechanics
References
2News mentions
0No linked articles in our index yet.