CVE-2023-25725

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2023-25725
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-25725.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2023-25725
Aliases
Downstream
Related
Published
2023-02-14T19:15:11.530Z
Modified
2026-04-11T12:45:44.608944Z
Severity
  • 9.1 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H CVSS Calculator
Summary
[none]
Details

HAProxy before 2.7.3 may allow a bypass of access control because HTTP/1 headers are inadvertently lost in some situations, aka "request smuggling." The HTTP header parsers in HAProxy may accept empty header field names, which could be used to truncate the list of HTTP headers and thus make some headers disappear after being parsed and processed for HTTP/1.0 and HTTP/1.1. For HTTP/2 and HTTP/3, the impact is limited because the headers disappear before being parsed and processed, as if they had not been sent by the client. The fixed versions are 2.7.3, 2.6.9, 2.5.12, 2.4.22, 2.2.29, and 2.0.31.

Database specific 
{
    "unresolved_ranges": [
        {
            "extracted_events": [
                {
                    "fixed": "2.0.31"
                },
                {
                    "introduced": "2.1.0"
                },
                {
                    "fixed": "2.2.29"
                },
                {
                    "introduced": "2.3.0"
                },
                {
                    "fixed": "2.4.22"
                }
            ],
            "cpe": "cpe:2.3:a:haproxy:haproxy:*:*:*:*:*:*:*:*",
            "source": "CPE_FIELD"
        },
        {
            "extracted_events": [
                {
                    "last_affected": "10.0"
                }
            ],
            "cpe": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
            "source": "CPE_FIELD"
        },
        {
            "extracted_events": [
                {
                    "last_affected": "11.0"
                }
            ],
            "cpe": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
            "source": "CPE_FIELD"
        }
    ]
}
References

Affected packages

Git / github.com/haproxy/haproxy

Affected ranges

Type
GIT
Repo
https://github.com/haproxy/haproxy
Events
Introduced
f2e0833f16aa8c09e1c7001ff55aac4f13c643b7
Fixed
35dc13f224fa3e54814f442a7f63cba642c0be53
Introduced
a1efc048bf8a5e14466dbe7317e73117e8d66176
Fixed
e979796584266caca16250c64cec65d5ec6ff33c
Introduced
437fd289f2e32e56498d2d4da63852d483f284ef
Fixed
87e95d38a9b9b69462569cc75fd1687b3605be7b
Database specific 
{
    "extracted_events": [
        {
            "introduced": "2.5.0"
        },
        {
            "fixed": "2.5.12"
        },
        {
            "introduced": "2.6.0"
        },
        {
            "fixed": "2.6.9"
        },
        {
            "introduced": "2.7.0"
        },
        {
            "fixed": "2.7.3"
        }
    ],
    "cpe": "cpe:2.3:a:haproxy:haproxy:*:*:*:*:*:*:*:*",
    "source": "CPE_FIELD"
}

Affected versions

v2.*
v2.5.0
v2.6-dev0
v2.6-dev1
v2.6-dev2
v2.6-dev3
v2.6-dev4
v2.6-dev5
v2.6-dev6
v2.6-dev7
v2.6-dev8
v2.6.0
v2.7-dev0
v2.7-dev1
v2.7-dev2

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-25725.json"