CVE-2023-25950

NameCVE-2023-25950
DescriptionHTTP request/response smuggling vulnerability in HAProxy version 2.7.0, and 2.6.1 to 2.6.7 allows a remote attacker to alter a legitimate user's request. As a result, the attacker may obtain sensitive information or cause a denial-of-service (DoS) condition.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
haproxy (PTS)jessie, jessie (lts)1.5.8-3+deb8u4fixed
stretch (security)1.7.5-2+deb9u1fixed
stretch (lts), stretch1.7.5-2+deb9u2fixed
buster (security), buster, buster (lts)1.8.19-1+deb10u5fixed
bullseye (security), bullseye2.2.9-2+deb11u6fixed
bookworm (security), bookworm2.6.12-1+deb12u1fixed
sid, trixie3.0.6-3fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
haproxysourcejessie(not affected)
haproxysourcestretch(not affected)
haproxysourcebuster(not affected)
haproxysourcebullseye(not affected)
haproxysource(unstable)2.6.8-1

Notes

[bullseye] - haproxy <not-affected> (Vulnerable code not present)
[buster] - haproxy <not-affected> (Vulnerable code not present)
https://git.haproxy.org/?p=haproxy-2.7.git;a=commit;h=3ca4223c5e1f18a19dc93b0b09ffdbd295554d46 (v2.7.1)
https://git.haproxy.org/?p=haproxy-2.6.git;a=commit;h=22b44d5f2c7ce1ed0e4b62c639991d5abbd42a50 (v2.6.8)
[stretch] - haproxy <not-affected> (Vulnerable code was introduced later)
[jessie] - haproxy <not-affected> (Vulnerable code was introduced later)

Search for package or bug name: Reporting problems