OpenCVE

An uncontrolled resource consumption vulnerability was discovered in HAProxy which could crash the service. This issue could allow an authenticated remote attacker to run a specially crafted malicious server in an OpenShift cluster. The biggest impact is to availability.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Fedoraproject	Extra Packages For Enterprise Linux Fedora
Haproxy	Haproxy
Redhat	Ceph Storage Enterprise Linux Openshift Openshift Container Platform Openshift Container Platform For Ibm Linuxone Openshift Container Platform For Power Openshift Container Platform Ibm Z Systems Rhel Eus Software Collections

Configuration 1 [-]

OR	cpe:2.3:a:haproxy:haproxy:-:::::::*
	cpe:2.3:a:redhat:ceph_storage:5.0:::::::*
	cpe:2.3:a:redhat:software_collections:-:::::::*

Configuration 2 [-]

AND

cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*

OR	cpe:2.3:a:redhat:openshift_container_platform:4.12:::::::*
	cpe:2.3:a:redhat:openshift_container_platform_for_ibm_linuxone:4.12:::::::*
	cpe:2.3:a:redhat:openshift_container_platform_for_power:4.12:::::::*
	cpe:2.3:a:redhat:openshift_container_platform_ibm_z_systems:4.12:::::::*

Configuration 3 [-]

OR	cpe:2.3:a:redhat:openshift_container_platform:4.10::::::arm64:
	cpe:2.3:a:redhat:openshift_container_platform:4.11::::::arm64:
	cpe:2.3:a:redhat:openshift_container_platform:4.12::::::arm64:

Configuration 4 [-]

AND

cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*

OR	cpe:2.3:a:redhat:openshift_container_platform:4.10:::::::*
	cpe:2.3:a:redhat:openshift_container_platform_for_ibm_linuxone:4.10:::::::*
	cpe:2.3:a:redhat:openshift_container_platform_for_power:4.10:::::::*
	cpe:2.3:a:redhat:openshift_container_platform_ibm_z_systems:4.10:::::::*

Configuration 5 [-]

AND

cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*

OR	cpe:2.3:a:redhat:openshift_container_platform:4.11:::::::*
	cpe:2.3:a:redhat:openshift_container_platform_for_ibm_linuxone:4.11:::::::*
	cpe:2.3:a:redhat:openshift_container_platform_for_power:4.11:::::::*
	cpe:2.3:a:redhat:openshift_container_platform_ibm_z_systems:4.11:::::::*

Configuration 6 [-]

AND

cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*

OR	cpe:2.3:a:redhat:openshift_container_platform:4.12:::::::*
	cpe:2.3:a:redhat:openshift_container_platform_for_ibm_linuxone:4.12:::::::*
	cpe:2.3:a:redhat:openshift_container_platform_for_power:4.12:::::::*
	cpe:2.3:a:redhat:openshift_container_platform_ibm_z_systems:4.12:::::::*

Configuration 7 [-]

OR	cpe:2.3:a:fedoraproject:extra_packages_for_enterprise_linux:8.0:::::::*
	cpe:2.3:o:fedoraproject:fedora:36:::::::*
	cpe:2.3:o:fedoraproject:fedora:37:::::::*

Package	CPE	Advisory	Released Date
Red Hat Ceph Storage 5.3
rhceph/rhceph-haproxy-rhel8:2.2.19-32	cpe:/a:redhat:ceph_storage:5.3::el8	RHSA-2024:0746	2024-02-08T00:00:00Z
Red Hat Enterprise Linux 9
haproxy-0:2.4.17-3.el9_1.2	cpe:/a:redhat:enterprise_linux:9	RHSA-2023:1696	2023-04-11T00:00:00Z
Red Hat Enterprise Linux 9.0 Extended Update Support
haproxy-0:2.4.7-2.el9_0.2	cpe:/a:redhat:rhel_eus:9.0	RHSA-2023:1978	2023-04-25T00:00:00Z
Red Hat OpenShift Container Platform 4.10
haproxy-0:2.2.19-3.el8	cpe:/a:redhat:openshift:4.10::el8	RHBA-2023:0898	2023-03-01T00:00:00Z
Red Hat OpenShift Container Platform 4.11
haproxy-0:2.2.24-2.el8	cpe:/a:redhat:openshift:4.11::el8	RHBA-2023:0773	2023-02-21T00:00:00Z
Red Hat OpenShift Container Platform 4.12
haproxy-0:2.2.24-2.el8	cpe:/a:redhat:openshift:4.12::el8	RHSA-2023:0727	2023-02-16T00:00:00Z
Red Hat OpenShift Container Platform 4.13
haproxy-0:2.2.24-3.rhaos4.13.el8	cpe:/a:redhat:openshift:4.13::el8	RHSA-2023:1325	2023-05-18T00:00:00Z
Red Hat OpenShift Container Platform 4.9
haproxy-0:2.2.15-6.el8	cpe:/a:redhat:openshift:4.9::el8	RHBA-2023:1321	2023-03-27T00:00:00Z

References

Link	Providers
https://access.redhat.com/security/cve/CVE-2023-0056
https://github.com/haproxy/haproxy/issues/1972
https://nvd.nist.gov/vuln/detail/CVE-2023-0056
https://www.cve.org/CVERecord?id=CVE-2023-0056

History

No history.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2023-03-23T00:00:00

Updated: 2024-08-02T04:54:32.577Z

Reserved: 2023-01-04T00:00:00

Link: CVE-2023-0056

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2023-03-23T21:15:19.087

Modified: 2023-04-03T17:42:52.613

Link: CVE-2023-0056

Redhat

Severity : Moderate

Publid Date: 2022-12-21T00:00:00Z

Links: CVE-2023-0056 - Bugzilla

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object