CVE-2023-0836 — HIGH (7.5) — White Hats Nepal

Q: How severe is CVE-2023-0836?

CVE-2023-0836 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2023-0836?

Check the references section above for vendor advisories and patch information. Affected products include: Haproxy Haproxy.

Vulnerability Description

An information leak vulnerability was discovered in HAProxy 2.1, 2.2 before 2.2.27, 2.3, 2.4 before 2.4.21, 2.5 before 2.5.11, 2.6 before 2.6.8, 2.7 before 2.7.1. There are 5 bytes left uninitialized in the connection buffer when encoding the FCGI_BEGIN_REQUEST record. Sensitive data may be disclosed to configured FastCGI backends in an unexpected way.

CVSS Score

7.5

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Haproxy	Haproxy	>= 2.2.0, < 2.2.27

Related Weaknesses (CWE)

CWE-459 CWE-200

References

FAQ

What is CVE-2023-0836?

CVE-2023-0836 is a vulnerability with a CVSS score of 7.5 (HIGH). An information leak vulnerability was discovered in HAProxy 2.1, 2.2 before 2.2.27, 2.3, 2.4 before 2.4.21, 2.5 before 2.5.11, 2.6 before 2.6.8, 2.7 before 2.7.1. There are 5 bytes left uninitialized ...

How severe is CVE-2023-0836?

CVE-2023-0836 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2023-0836?

Check the references section above for vendor advisories and patch information. Affected products include: Haproxy Haproxy.