HAProxy before 1.9.7 mishandles a reload with rotated keys, which triggers use of uninitialized, and very predictable, HMAC keys. This is related to an include/types/ssl_sock.h error.
References
Configurations
History
07 Nov 2023, 03:02
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-908 | |
References |
|
|
Information
Published : 2019-05-09 14:29
Updated : 2023-12-10 12:59
NVD link : CVE-2019-11323
Mitre link : CVE-2019-11323
CVE.ORG link : CVE-2019-11323
JSON object : View
Products Affected
haproxy
- haproxy