CVE-2023-0056

Advisory lineage Upstream: 0 Downstream: 16
Modified
Published: 23 Mar 2023, 00:00
Last modified: 25 Feb 2025, 19:35

Vulnerability Summary

  • Overall Risk (default): medium, 26/100
  • CVSS Score: 6.5 MEDIUM, v3.1 (cve.org)
  • EPSS Score: 0.15% LOW (0% probability, -0.02%)
  • KEV: Not listed
  • Ransomware: No reports
  • Public exploits: None found
  • Dark Web: Not detected

Timeline

  • 23 Mar 2023, 00:00: Published. Vulnerability first disclosed.
  • 25 Feb 2025, 19:35: Last Modified. Vulnerability information updated.

Description

An uncontrolled resource consumption vulnerability was discovered in HAProxy which could crash the service. This issue could allow an authenticated remote attacker to run a specially crafted malicious server in an OpenShift cluster. The biggest impact is to availability.

CVSS Metrics

  • v3.1, MEDIUM, Score: 6.5, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS Trends

Current EPSS score: 0.15% Percentile: 35%

Techniques & Countermeasures

  • CWE-400: Uncontrolled Resource Consumption

    The product does not properly control the allocation and maintenance of a limited resource.

Affected Systems

  • fedoraproject / extra_packages_for_enterprise_linux

    8.0

  • fedoraproject / fedora

    36 | 37

  • haproxy / haproxy

    na

  • redhat / ceph_storage

    5.0

  • redhat / openshift_container_platform

    4.12 | 4.10 | 4.11

  • redhat / openshift_container_platform_for_ibm_linuxone

    4.12 | 4.10 | 4.11

  • redhat / openshift_container_platform_for_power

    4.12 | 4.10 | 4.11

  • redhat / openshift_container_platform_ibm_z_systems

    4.12 | 4.10 | 4.11

  • redhat / software_collections

    na
