CVE-2023-0056

Published: Mar 23, 2023Modified: Feb 25, 2025

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

An uncontrolled resource consumption vulnerability was discovered in HAProxy which could crash the service. This issue could allow an authenticated remote attacker to run a specially crafted malicious server in an OpenShift cluster. The biggest impact is to availability.

Affected (21)

Products: Haproxy: Haproxy · Redhat: Ceph Storage, Software Collections, Openshift Container Platform, Openshift Container Platform For Ibm Linuxone, Openshift Container Platform For Power, Openshift Container Platform Ibm Z Systems · Fedoraproject: Extra Packages For Enterprise Linux, Fedora

1 product

6 products

Openshift Container Platform

Openshift Container Platform For Ibm Linuxone

Openshift Container Platform For Power

Openshift Container Platform Ibm Z Systems

Fedoraproject

2 products

Extra Packages For Enterprise Linux

Fedora

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Haproxy Haproxy	All versions
Redhat Ceph Storage	Version 5.0
Redhat Software Collections	All versions

Configuration B

1 platform

Running on/with	Platform Versions
Redhat Enterprise Linux	Version 9.0

Configuration C

3 vulnerable

Vulnerable Software	Affected Versions
Redhat Openshift Container Platform	Version 4.10
Redhat Openshift Container Platform	Version 4.11
Redhat Openshift Container Platform	Version 4.12

Configuration D

4 vulnerable

Vulnerable Software	Affected Versions
Redhat Openshift Container Platform	Version 4.10
Redhat Openshift Container Platform For Ibm Linuxone	Version 4.10
Redhat Openshift Container Platform For Power	Version 4.10
Redhat Openshift Container Platform Ibm Z Systems	Version 4.10

Configuration E

4 vulnerable

Vulnerable Software	Affected Versions
Redhat Openshift Container Platform	Version 4.11
Redhat Openshift Container Platform For Ibm Linuxone	Version 4.11
Redhat Openshift Container Platform For Power	Version 4.11
Redhat Openshift Container Platform Ibm Z Systems	Version 4.11

Configuration F

4 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Redhat Openshift Container Platform	Version 4.12
Redhat Openshift Container Platform For Ibm Linuxone	Version 4.12
Redhat Openshift Container Platform For Power	Version 4.12
Redhat Openshift Container Platform Ibm Z Systems	Version 4.12

Running on/with	Platform Versions
Redhat Enterprise Linux	Version 8.0

Configuration G

3 vulnerable

Vulnerable Software	Affected Versions
Fedoraproject Extra Packages For Enterprise Linux	Version 8.0
Fedoraproject Fedora	Version 36
Fedoraproject Fedora	Version 37

Related CWEs

CWE-400

Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

References (2)

https://access.redhat.com/security/cve/CVE-2023-0056

Source: secalert@redhat.com

Vendor Advisory

https://access.redhat.com/security/cve/CVE-2023-0056

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.