{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2023-0056", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "dateUpdated": "2024-08-02T04:54:32.577Z", "dateReserved": "2023-01-04T00:00:00", "datePublished": "2023-03-23T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2023-03-23T00:00:00"}, "descriptions": [{"lang": "en", "value": "An uncontrolled resource consumption vulnerability was discovered in HAProxy which could crash the service. This issue could allow an authenticated remote attacker to run a specially crafted malicious server in an OpenShift cluster. The biggest impact is to availability."}], "affected": [{"vendor": "n/a", "product": "haproxy", "versions": [{"version": "unknown", "status": "affected"}]}], "references": [{"url": "https://access.redhat.com/security/cve/CVE-2023-0056"}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-400", "cweId": "CWE-400"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T04:54:32.577Z"}, "title": "CVE Program Container", "references": [{"url": "https://access.redhat.com/security/cve/CVE-2023-0056", "tags": ["x_transferred"]}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:haproxy:haproxy:-:*:*:*:*:*:*:*", "matchCriteriaId": "68833392-03CF-4C78-B499-EB2B8C1335D6", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:ceph_storage:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "4E37E1B3-6F68-4502-85D6-68333643BDFF", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:software_collections:-:*:*:*:*:*:*:*", "matchCriteriaId": "749804DA-4B27-492A-9ABA-6BB562A6B3AC", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:openshift_container_platform:4.12:*:*:*:*:*:*:*", "matchCriteriaId": "40449571-22F8-44FA-B57B-B43F71AB25E2", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:openshift_container_platform_for_ibm_linuxone:4.12:*:*:*:*:*:*:*", "matchCriteriaId": "948DF974-D58C-41D3-9024-1C7D260D822F", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:openshift_container_platform_for_power:4.12:*:*:*:*:*:*:*", "matchCriteriaId": "2127E592-F973-4244-9793-680736EC5313", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:openshift_container_platform_ibm_z_systems:4.12:*:*:*:*:*:*:*", "matchCriteriaId": "608FBE62-5A35-4C7A-BBC7-E0D05E09008B", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:openshift_container_platform:4.10:*:*:*:*:*:arm64:*", "matchCriteriaId": "4E5177BE-F2A0-4148-AA26-E1C8D3B75D13", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:openshift_container_platform:4.11:*:*:*:*:*:arm64:*", "matchCriteriaId": "1E5CB8B9-F3B7-478E-94EA-705BDBE902D9", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:openshift_container_platform:4.12:*:*:*:*:*:arm64:*", "matchCriteriaId": "36DBD95A-D9C8-47CB-AD0E-F37255E237EB", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:openshift_container_platform:4.10:*:*:*:*:*:*:*", "matchCriteriaId": "0595C9F8-9C7A-4FC1-B7EE-52978A1B1E93", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:openshift_container_platform_for_ibm_linuxone:4.10:*:*:*:*:*:*:*", "matchCriteriaId": "91EE3858-A648-44B4-B282-8F808D88D3B9", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:openshift_container_platform_for_power:4.10:*:*:*:*:*:*:*", "matchCriteriaId": "54E24055-813B-4E6D-94B7-FAD5F78B8537", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:openshift_container_platform_ibm_z_systems:4.10:*:*:*:*:*:*:*", "matchCriteriaId": "E58526FB-522F-4AAC-B03C-9CAB443D0CFF", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:openshift_container_platform:4.11:*:*:*:*:*:*:*", "matchCriteriaId": "EA983F8C-3A06-450A-AEFF-9429DE9A3454", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:openshift_container_platform_for_ibm_linuxone:4.11:*:*:*:*:*:*:*", "matchCriteriaId": "1104A2D0-B813-41B0-A6FB-677A3FC249BE", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:openshift_container_platform_for_power:4.11:*:*:*:*:*:*:*", "matchCriteriaId": "6B2EF9F6-CE0A-48FA-87E5-77F94363B540", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:openshift_container_platform_ibm_z_systems:4.11:*:*:*:*:*:*:*", "matchCriteriaId": "22DFC1BF-2EC4-4102-97D0-BC9F75C94F71", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:openshift_container_platform:4.12:*:*:*:*:*:*:*", "matchCriteriaId": "40449571-22F8-44FA-B57B-B43F71AB25E2", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:openshift_container_platform_for_ibm_linuxone:4.12:*:*:*:*:*:*:*", "matchCriteriaId": "948DF974-D58C-41D3-9024-1C7D260D822F", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:openshift_container_platform_for_power:4.12:*:*:*:*:*:*:*", "matchCriteriaId": "2127E592-F973-4244-9793-680736EC5313", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:openshift_container_platform_ibm_z_systems:4.12:*:*:*:*:*:*:*", "matchCriteriaId": "608FBE62-5A35-4C7A-BBC7-E0D05E09008B", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:fedoraproject:extra_packages_for_enterprise_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "BB176AC3-3CDA-4DDA-9089-C67B2F73AA62", "vulnerable": true}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*", "matchCriteriaId": "5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD", "vulnerable": true}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*", "matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An uncontrolled resource consumption vulnerability was discovered in HAProxy which could crash the service. This issue could allow an authenticated remote attacker to run a specially crafted malicious server in an OpenShift cluster. The biggest impact is to availability."}], "id": "CVE-2023-0056", "lastModified": "2023-04-03T17:42:52.613", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-03-23T21:15:19.087", "references": [{"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "https://access.redhat.com/security/cve/CVE-2023-0056"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-400"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-400"}], "source": "secalert@redhat.com", "type": "Secondary"}]}

{"affected_release": [{"advisory": "RHSA-2024:0746", "cpe": "cpe:/a:redhat:ceph_storage:5.3::el8", "package": "rhceph/rhceph-haproxy-rhel8:2.2.19-32", "product_name": "Red Hat Ceph Storage 5.3", "release_date": "2024-02-08T00:00:00Z"}, {"advisory": "RHSA-2023:1696", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "haproxy-0:2.4.17-3.el9_1.2", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2023-04-11T00:00:00Z"}, {"advisory": "RHSA-2023:1978", "cpe": "cpe:/a:redhat:rhel_eus:9.0", "package": "haproxy-0:2.4.7-2.el9_0.2", "product_name": "Red Hat Enterprise Linux 9.0 Extended Update Support", "release_date": "2023-04-25T00:00:00Z"}, {"advisory": "RHBA-2023:0898", "cpe": "cpe:/a:redhat:openshift:4.10::el8", "package": "haproxy-0:2.2.19-3.el8", "product_name": "Red Hat OpenShift Container Platform 4.10", "release_date": "2023-03-01T00:00:00Z"}, {"advisory": "RHBA-2023:0773", "cpe": "cpe:/a:redhat:openshift:4.11::el8", "package": "haproxy-0:2.2.24-2.el8", "product_name": "Red Hat OpenShift Container Platform 4.11", "release_date": "2023-02-21T00:00:00Z"}, {"advisory": "RHSA-2023:0727", "cpe": "cpe:/a:redhat:openshift:4.12::el8", "package": "haproxy-0:2.2.24-2.el8", "product_name": "Red Hat OpenShift Container Platform 4.12", "release_date": "2023-02-16T00:00:00Z"}, {"advisory": "RHSA-2023:1325", "cpe": "cpe:/a:redhat:openshift:4.13::el8", "package": "haproxy-0:2.2.24-3.rhaos4.13.el8", "product_name": "Red Hat OpenShift Container Platform 4.13", "release_date": "2023-05-18T00:00:00Z"}, {"advisory": "RHBA-2023:1321", "cpe": "cpe:/a:redhat:openshift:4.9::el8", "package": "haproxy-0:2.2.15-6.el8", "product_name": "Red Hat OpenShift Container Platform 4.9", "release_date": "2023-03-27T00:00:00Z"}], "bugzilla": {"description": "haproxy: segfault DoS", "id": "2160808", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2160808"}, "csaw": false, "cvss3": {"cvss3_base_score": "4.3", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "status": "verified"}, "cwe": "CWE-400", "details": ["An uncontrolled resource consumption vulnerability was discovered in HAProxy which could crash the service. This issue could allow an authenticated remote attacker to run a specially crafted malicious server in an OpenShift cluster. The biggest impact is to availability.", "An uncontrolled resource consumption vulnerability was discovered in HAProxy which could crash the service. This issue could allow an authenticated remote attacker to run a specially crafted malicious server in an OpenShift cluster. The biggest impact is to availability."], "name": "CVE-2023-0056", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "haproxy", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "haproxy", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/a:redhat:openshift:3.11", "fix_state": "Out of support scope", "package_name": "haproxy", "product_name": "Red Hat OpenShift Container Platform 3.11"}, {"cpe": "cpe:/a:redhat:rhel_software_collections:3", "fix_state": "Will not fix", "package_name": "rh-haproxy18-haproxy", "product_name": "Red Hat Software Collections"}], "public_date": "2022-12-21T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2023-0056\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-0056\nhttps://github.com/haproxy/haproxy/issues/1972"], "threat_severity": "Moderate"}