CVE-2023-0836 - AskarLabs CVE Database

CVE-2023-0836

Vendor N/A

Product HAProxy

Weakness CWE-200 · Info exposure

Published March 29, 2023

Last update February 18, 2025

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

An information leak vulnerability was discovered in HAProxy 2.1, 2.2 before 2.2.27, 2.3, 2.4 before 2.4.21, 2.5 before 2.5.11, 2.6 before 2.6.8, 2.7 before 2.7.1. There are 5 bytes left uninitialized in the connection buffer when encoding the FCGI_BEGIN_REQUEST record. Sensitive data may be disclosed to configured FastCGI backends in an unexpected way.

Key dates

02Disclosure timeline

March 29, 2023 CVE published

February 18, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2023-0836 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/200.html

Related vulnerabilities

04Related CVE

CVE-2021-21534 CVE-2025-2842 Tempo-operator: tempo operator token exposition lead to read sensitive data CVE-2025-41230 VMware Cloud Foundation Information Disclosure Vulnerability CVE-2025-23212 Tandoor Recipes - Local file disclosure - Users can read the content of any file on the server CVE-2025-13997 King Addons for Elementor <= 51.1.49 - Unauthenticated API Keys Disclosure