CVE-2019-11323

Published: May 9, 2019Modified: Nov 21, 2024

5.9

Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 2.2 / Impact: 3.6

Source: NVD

Description

HAProxy before 1.9.7 mishandles a reload with rotated keys, which triggers use of uninitialized, and very predictable, HMAC keys. This is related to an include/types/ssl_sock.h error.

Affected (1)

Products: Haproxy: Haproxy

Haproxy

1 product

Haproxy

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Haproxy Haproxy	From 1.9.2 to 1.9.7

Related CWEs

CWE-327

Use of a Broken or Risky Cryptographic Algorithm

The product uses a broken or risky cryptographic algorithm or protocol.

CWE-908

Use of Uninitialized Resource

The product uses or accesses a resource that has not been initialized.

References (4)

http://git.haproxy.org/?p=haproxy.git%3Ba=commit%3Bh=8ef706502aa2000531d36e4ac56dbdc7c30f718d

Source: cve@mitre.org

https://www.mail-archive.com/haproxy%40formilux.org/msg33410.html

Source: cve@mitre.org

http://git.haproxy.org/?p=haproxy.git%3Ba=commit%3Bh=8ef706502aa2000531d36e4ac56dbdc7c30f718d

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.mail-archive.com/haproxy%40formilux.org/msg33410.html

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.