CVE-2023-0056

2023-01-1800:00:00

ubuntu.com

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:N/I:N/A:P

0.001 Low

EPSS

Percentile

45.9%

JSON

An uncontrolled resource consumption vulnerability was discovered in
HAProxy which could crash the service. This issue could allow an
authenticated remote attacker to run a specially crafted malicious server
in an OpenShift cluster. The biggest impact is to availability.

Bugs

<https://github.com/haproxy/haproxy/issues/1972>

Notes

Author	Note
mdeslaur	code in bionic and earlier is different, and there is no indication it is vulnerable to the same issue, and there is no reproducer for this, so marking as not-affected.

OSVersionArchitecturePackageVersionFilename
ubuntu20.04noarchhaproxy< 2.0.29-0ubuntu1.1UNKNOWN
ubuntu22.04noarchhaproxy< 2.4.18-0ubuntu1.1UNKNOWN
ubuntu22.10noarchhaproxy< 2.4.18-1ubuntu1.1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	20.04	noarch	haproxy	< 2.0.29-0ubuntu1.1	UNKNOWN
ubuntu	22.04	noarch	haproxy	< 2.4.18-0ubuntu1.1	UNKNOWN
ubuntu	22.10	noarch	haproxy	< 2.4.18-1ubuntu1.1	UNKNOWN