2180746 – (CVE-2023-0836) CVE-2023-0836 haproxy: data leak via fcgi requests

Bug 2180746 (CVE-2023-0836) - CVE-2023-0836 haproxy: data leak via fcgi requests

Summary: CVE-2023-0836 haproxy: data leak via fcgi requests

Keywords:
Status:	NEW
Alias:	CVE-2023-0836
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Nobody
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2180759 2180860 2180861 2180862
Blocks:	2169886 2180758
TreeView+	depends on / blocked

Reported:	2023-03-22 07:56 UTC by Avinash Hanwate
Modified:	2023-11-07 08:18 UTC (History)
CC List:	16 users (show)
Fixed In Version:	HAProxy 2.8, HAProxy 2.7.1, HAProxy 2.6.8, HAProxy 2.5.11, HAProxy 2.4.21, HAProxy 2.2.27
Doc Type:	If docs needed, set a value
Doc Text:	A flaw was found in HAProxy, which could allow a remote attacker to obtain sensitive information caused by improper initialization when encoding the FCGI_BEGIN_REQUEST record. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information and use this information to launch further attacks against the affected system.
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2023:6496	0	None	None	None	2023-11-07 08:18:21 UTC

Description Avinash Hanwate 2023-03-22 07:56:03 UTC

An information leak vulnerability was discovered in HAProxy 2.1, 2.2 before 2.2.27, 2.3, 2.4 before 2.4.21, 2.5 before 2.5.11, 2.6 before 2.6.8,
2.7 before 2.7.1. There are 5 bytes left uninitialized in the connection buffer when encoding the FCGI_BEGIN_REQUEST record. Sensitive data may be disclosed to configured FastCGI backends in an unexpected way.

https://git.haproxy.org/?p=haproxy.git;a=commitdiff;h=2e6bf0a

Comment 5 errata-xmlrpc 2023-11-07 08:18:20 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2023:6496 https://access.redhat.com/errata/RHSA-2023:6496

Note You need to log in before you can comment on or make changes to this bug.