CVE-2023-0056

An uncontrolled resource consumption vulnerability was discovered in HAProxy which could crash the service. This issue could allow an authenticated remote attacker to run a specially crafted malicious server in an OpenShift cluster. The biggest impact is to availability.

CVSS v3 6.5 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://access.redhat.com/security/cve/CVE-2023-0056	Vendor Advisory
https://access.redhat.com/security/cve/CVE-2023-0056	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:haproxy:haproxy:-:::::::*
	cpe:2.3:a:redhat:ceph_storage:5.0:::::::*
	cpe:2.3:a:redhat:software_collections:-:::::::*

Configuration 2 (hide)

AND

OR	cpe:2.3:a:redhat:openshift_container_platform:4.12:::::::*
	cpe:2.3:a:redhat:openshift_container_platform_for_ibm_linuxone:4.12:::::::*
	cpe:2.3:a:redhat:openshift_container_platform_for_power:4.12:::::::*
	cpe:2.3:a:redhat:openshift_container_platform_ibm_z_systems:4.12:::::::*

cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*

Configuration 3 (hide)

OR	cpe:2.3:a:redhat:openshift_container_platform:4.10::::::arm64:
	cpe:2.3:a:redhat:openshift_container_platform:4.11::::::arm64:
	cpe:2.3:a:redhat:openshift_container_platform:4.12::::::arm64:

Configuration 4 (hide)

AND

OR	cpe:2.3:a:redhat:openshift_container_platform:4.10:::::::*
	cpe:2.3:a:redhat:openshift_container_platform_for_ibm_linuxone:4.10:::::::*
	cpe:2.3:a:redhat:openshift_container_platform_for_power:4.10:::::::*
	cpe:2.3:a:redhat:openshift_container_platform_ibm_z_systems:4.10:::::::*

cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

OR	cpe:2.3:a:redhat:openshift_container_platform:4.11:::::::*
	cpe:2.3:a:redhat:openshift_container_platform_for_ibm_linuxone:4.11:::::::*
	cpe:2.3:a:redhat:openshift_container_platform_for_power:4.11:::::::*
	cpe:2.3:a:redhat:openshift_container_platform_ibm_z_systems:4.11:::::::*

cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

OR	cpe:2.3:a:redhat:openshift_container_platform:4.12:::::::*
	cpe:2.3:a:redhat:openshift_container_platform_for_ibm_linuxone:4.12:::::::*
	cpe:2.3:a:redhat:openshift_container_platform_for_power:4.12:::::::*
	cpe:2.3:a:redhat:openshift_container_platform_ibm_z_systems:4.12:::::::*

cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*

Configuration 7 (hide)

OR	cpe:2.3:a:fedoraproject:extra_packages_for_enterprise_linux:8.0:::::::*
	cpe:2.3:o:fedoraproject:fedora:36:::::::*
	cpe:2.3:o:fedoraproject:fedora:37:::::::*

History

21 Nov 2024, 07:36

Type	Values Removed	Values Added
References	~~() https://access.redhat.com/security/cve/CVE-2023-0056 - Vendor Advisory~~	() https://access.redhat.com/security/cve/CVE-2023-0056 - Vendor Advisory

03 Apr 2023, 17:42

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 6.5
References	~~(MISC) https://access.redhat.com/security/cve/CVE-2023-0056 -~~	(MISC) https://access.redhat.com/security/cve/CVE-2023-0056 - Vendor Advisory
CPE		cpe:2.3:a:redhat:openshift_container_platform:4.11::::::arm64: cpe:2.3:a:redhat:openshift_container_platform_for_power:4.10:::::::* cpe:2.3:a:redhat:openshift_container_platform_for_ibm_linuxone:4.12:::::::* cpe:2.3:a:redhat:ceph_storage:5.0:::::::* cpe:2.3:a:redhat:openshift_container_platform_ibm_z_systems:4.12:::::::* cpe:2.3:o:redhat:enterprise_linux:9.0:::::::* cpe:2.3:a:redhat:openshift_container_platform:4.10::::::arm64: cpe:2.3:a:haproxy:haproxy:-:::::::* cpe:2.3:a:redhat:software_collections:-:::::::* cpe:2.3:o:fedoraproject:fedora:36:::::::* cpe:2.3:o:redhat:enterprise_linux:8.0:::::::* cpe:2.3:a:redhat:openshift_container_platform:4.10:::::::* cpe:2.3:a:redhat:openshift_container_platform_ibm_z_systems:4.11:::::::* cpe:2.3:o:fedoraproject:fedora:37:::::::* cpe:2.3:a:redhat:openshift_container_platform_for_power:4.11:::::::* cpe:2.3:a:redhat:openshift_container_platform_for_ibm_linuxone:4.10:::::::* cpe:2.3:a:redhat:openshift_container_platform:4.11:::::::* cpe:2.3:a:redhat:openshift_container_platform:4.12:::::::* cpe:2.3:a:fedoraproject:extra_packages_for_enterprise_linux:8.0:::::::* cpe:2.3:a:redhat:openshift_container_platform:4.12::::::arm64: cpe:2.3:a:redhat:openshift_container_platform_for_ibm_linuxone:4.11:::::::* cpe:2.3:a:redhat:openshift_container_platform_for_power:4.12:::::::* cpe:2.3:a:redhat:openshift_container_platform_ibm_z_systems:4.10:::::::*
First Time		Redhat enterprise Linux Fedoraproject extra Packages For Enterprise Linux Redhat software Collections Redhat Redhat openshift Container Platform For Power Redhat ceph Storage Redhat openshift Container Platform Fedoraproject fedora Haproxy Redhat openshift Container Platform For Ibm Linuxone Haproxy haproxy Fedoraproject Redhat openshift Container Platform Ibm Z Systems
CWE		CWE-400

23 Mar 2023, 21:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-03-23 21:15

Updated : 2025-02-25 20:15

NVD link : CVE-2023-0056

Mitre link : CVE-2023-0056

CVE.ORG link : CVE-2023-0056

JSON object : View

Products Affected

redhat

ceph_storage
software_collections
openshift_container_platform
openshift_container_platform_ibm_z_systems
openshift_container_platform_for_power
enterprise_linux
openshift_container_platform_for_ibm_linuxone

fedoraproject

fedora
extra_packages_for_enterprise_linux

haproxy

haproxy

CWE

CWE-400

Uncontrolled Resource Consumption

6.5 /10

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

JSON object

Attach tags to CVE-2023-0056

6.5^/10

Attach tags to `CVE-2023-0056`