CVE-2023-25725

See a problem?
Source
https://nvd.nist.gov/vuln/detail/CVE-2023-25725
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-25725.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-25725
Aliases
Related
Published
2023-02-14T19:15:11Z
Modified
2024-09-18T03:23:53.010232Z
Severity
  • 9.1 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H CVSS Calculator
Summary
[none]
Details

HAProxy before 2.7.3 may allow a bypass of access control because HTTP/1 headers are inadvertently lost in some situations, aka "request smuggling." The HTTP header parsers in HAProxy may accept empty header field names, which could be used to truncate the list of HTTP headers and thus make some headers disappear after being parsed and processed for HTTP/1.0 and HTTP/1.1. For HTTP/2 and HTTP/3, the impact is limited because the headers disappear before being parsed and processed, as if they had not been sent by the client. The fixed versions are 2.7.3, 2.6.9, 2.5.12, 2.4.22, 2.2.29, and 2.0.31.

References

Affected packages

Debian:11 / haproxy

Package

Name
haproxy
Purl
pkg:deb/debian/haproxy?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.2.9-2+deb11u4

Affected versions

2.*

2.2.9-2
2.2.9-2+deb11u1~bpo10+1
2.2.9-2+deb11u1
2.2.9-2+deb11u2~bpo10+1
2.2.9-2+deb11u2
2.2.9-2+deb11u3~bpo10+1
2.2.9-2+deb11u3

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Debian:12 / haproxy

Package

Name
haproxy
Purl
pkg:deb/debian/haproxy?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.6.8-2

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Debian:13 / haproxy

Package

Name
haproxy
Purl
pkg:deb/debian/haproxy?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.6.8-2

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Git / github.com/haproxy/haproxy

Affected ranges

Type
GIT
Repo
https://github.com/haproxy/haproxy
Events
Introduced
f2e0833f16aa8c09e1c7001ff55aac4f13c643b7
Fixed
35dc13f224fa3e54814f442a7f63cba642c0be53

Affected versions

v2.*

v2.5.0