VDB
DEBIAN-CVE-2023-0836
DEBIAN-CVE-2023-0836
PUBLISHED
CVSS 7.5 HIGH
An information leak vulnerability was discovered in HAProxy 2.1, 2.2 before 2.2.27, 2.3, 2.4 before 2.4.21, 2.5 before 2.5.11, 2.6 before 2.6.8, 2.7 before 2.7.1. There are 5 bytes left uninitialized in the connection buffer when encoding the FCGI_BEGIN_REQUEST record. Sensitive data may be disclosed to configured FastCGI backends in an unexpected way.
Risk Scores
CVSS 3.1
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:11 | haproxy | 0, 2.2.9-2, 2.2.9-2 |
| Debian:12 | haproxy | 0, 0, 0 |
| Debian:14 | haproxy | 0, 0, 0 |
| Debian:13 | haproxy | 0, 0, 0 |
Timeline
- Mar 29, 2023 CVE Published
- Apr 28, 2026 CVE Updated