CVE-2023-0836
An information leak vulnerability was discovered in HAProxy 2.1, 2.2 before 2.2.27, 2.3, 2.4 before 2.4.21, 2.5 before 2.5.11, 2.6 before 2.6.8, 2.7 before 2.7.1. There are 5 bytes left uninitialized in the connection buffer when encoding the FCGI_BEGIN_REQUEST record. Sensitive data may be disclosed to configured FastCGI backends in an unexpected way.
| Software | From | Fixed in |
|---|---|---|
| haproxy / haproxy | 2.7.0 | 2.7.0.x |
| haproxy / haproxy | 2.6.0 | 2.6.8.x |
| haproxy / haproxy | 2.5.0 | 2.5.11.x |
| haproxy / haproxy | 2.4.0 | 2.4.21.x |
| haproxy / haproxy | 2.3.0 | 2.3.0.x |
| haproxy / haproxy | 2.2.0 | 2.2.27 |
| haproxy / haproxy | 2.1.0 | 2.1.0.x |
Deep Security Visibility Without the Complexity
SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.
- No setup fees
- 5-min deployment
- Cancel anytime