{
  "threat_severity" : "Moderate",
  "public_date" : "2022-12-21T00:00:00Z",
  "bugzilla" : {
    "description" : "haproxy: segfault DoS",
    "id" : "2160808",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2160808"
  },
  "cvss3" : {
    "cvss3_base_score" : "4.3",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
    "status" : "verified"
  },
  "cwe" : "CWE-400",
  "details" : [ "An uncontrolled resource consumption vulnerability was discovered in HAProxy, which could crash the service. An authenticated remote attacker able to run a specially crafted malicious server in an OpenShift cluster could trigger this issue. The biggest impact is to availability.", "An uncontrolled resource consumption vulnerability was discovered in HAProxy, which could crash the service. An authenticated remote attacker able to run a specially crafted malicious server in an OpenShift cluster could trigger this issue. The biggest impact is to availability." ],
  "affected_release" : [ {
    "product_name" : "Red Hat Ceph Storage 5.3",
    "release_date" : "2024-02-08T00:00:00Z",
    "advisory" : "RHSA-2024:0746",
    "cpe" : "cpe:/a:redhat:ceph_storage:5.3::el8",
    "package" : "rhceph/rhceph-haproxy-rhel8:2.2.19-32"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2023-04-11T00:00:00Z",
    "advisory" : "RHSA-2023:1696",
    "cpe" : "cpe:/a:redhat:enterprise_linux:9",
    "package" : "haproxy-0:2.4.17-3.el9_1.2"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9.0 Extended Update Support",
    "release_date" : "2023-04-25T00:00:00Z",
    "advisory" : "RHSA-2023:1978",
    "cpe" : "cpe:/a:redhat:rhel_eus:9.0",
    "package" : "haproxy-0:2.4.7-2.el9_0.2"
  }, {
    "product_name" : "Red Hat OpenShift Container Platform 4.10",
    "release_date" : "2023-03-01T00:00:00Z",
    "advisory" : "RHBA-2023:0898",
    "cpe" : "cpe:/a:redhat:openshift:4.10::el8",
    "package" : "haproxy-0:2.2.19-3.el8"
  }, {
    "product_name" : "Red Hat OpenShift Container Platform 4.11",
    "release_date" : "2023-02-21T00:00:00Z",
    "advisory" : "RHBA-2023:0773",
    "cpe" : "cpe:/a:redhat:openshift:4.11::el8",
    "package" : "haproxy-0:2.2.24-2.el8"
  }, {
    "product_name" : "Red Hat OpenShift Container Platform 4.12",
    "release_date" : "2023-02-16T00:00:00Z",
    "advisory" : "RHSA-2023:0727",
    "cpe" : "cpe:/a:redhat:openshift:4.12::el8",
    "package" : "haproxy-0:2.2.24-2.el8"
  }, {
    "product_name" : "Red Hat OpenShift Container Platform 4.13",
    "release_date" : "2023-05-18T00:00:00Z",
    "advisory" : "RHSA-2023:1325",
    "cpe" : "cpe:/a:redhat:openshift:4.13::el8",
    "package" : "haproxy-0:2.2.24-3.rhaos4.13.el8"
  }, {
    "product_name" : "Red Hat OpenShift Container Platform 4.9",
    "release_date" : "2023-03-27T00:00:00Z",
    "advisory" : "RHBA-2023:1321",
    "cpe" : "cpe:/a:redhat:openshift:4.9::el8",
    "package" : "haproxy-0:2.2.15-6.el8"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Out of support scope",
    "package_name" : "haproxy",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "haproxy",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat OpenShift Container Platform 3.11",
    "fix_state" : "Out of support scope",
    "package_name" : "haproxy",
    "cpe" : "cpe:/a:redhat:openshift:3.11"
  }, {
    "product_name" : "Red Hat Software Collections",
    "fix_state" : "Will not fix",
    "package_name" : "rh-haproxy18-haproxy",
    "cpe" : "cpe:/a:redhat:rhel_software_collections:3"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2023-0056\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-0056\nhttps://github.com/haproxy/haproxy/issues/1972" ],
  "name" : "CVE-2023-0056",
  "csaw" : false
}