CVE-2023-0056

An uncontrolled resource consumption vulnerability was discovered in HAProxy which could crash the service. This issue could allow an authenticated remote attacker to run a specially crafted malicious server in an OpenShift cluster. The biggest impact is to availability.

CVSS v3 6.5 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://access.redhat.com/security/cve/CVE-2023-0056	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:haproxy:haproxy:-:::::::*
	cpe:2.3:a:redhat:ceph_storage:5.0:::::::*
	cpe:2.3:a:redhat:software_collections:-:::::::*

Configuration 2 (hide)

AND

OR	cpe:2.3:a:redhat:openshift_container_platform:4.12:::::::*
	cpe:2.3:a:redhat:openshift_container_platform_for_ibm_linuxone:4.12:::::::*
	cpe:2.3:a:redhat:openshift_container_platform_for_power:4.12:::::::*
	cpe:2.3:a:redhat:openshift_container_platform_ibm_z_systems:4.12:::::::*

cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*

Configuration 3 (hide)

OR	cpe:2.3:a:redhat:openshift_container_platform:4.10::::::arm64:
	cpe:2.3:a:redhat:openshift_container_platform:4.11::::::arm64:
	cpe:2.3:a:redhat:openshift_container_platform:4.12::::::arm64:

Configuration 4 (hide)

AND

OR	cpe:2.3:a:redhat:openshift_container_platform:4.10:::::::*
	cpe:2.3:a:redhat:openshift_container_platform_for_ibm_linuxone:4.10:::::::*
	cpe:2.3:a:redhat:openshift_container_platform_for_power:4.10:::::::*
	cpe:2.3:a:redhat:openshift_container_platform_ibm_z_systems:4.10:::::::*

cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

OR	cpe:2.3:a:redhat:openshift_container_platform:4.11:::::::*
	cpe:2.3:a:redhat:openshift_container_platform_for_ibm_linuxone:4.11:::::::*
	cpe:2.3:a:redhat:openshift_container_platform_for_power:4.11:::::::*
	cpe:2.3:a:redhat:openshift_container_platform_ibm_z_systems:4.11:::::::*

cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

OR	cpe:2.3:a:redhat:openshift_container_platform:4.12:::::::*
	cpe:2.3:a:redhat:openshift_container_platform_for_ibm_linuxone:4.12:::::::*
	cpe:2.3:a:redhat:openshift_container_platform_for_power:4.12:::::::*
	cpe:2.3:a:redhat:openshift_container_platform_ibm_z_systems:4.12:::::::*

cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*

Configuration 7 (hide)

OR	cpe:2.3:a:fedoraproject:extra_packages_for_enterprise_linux:8.0:::::::*
	cpe:2.3:o:fedoraproject:fedora:36:::::::*
	cpe:2.3:o:fedoraproject:fedora:37:::::::*

History

03 Apr 2023, 17:42

Type	Values Removed	Values Added
CPE		cpe:2.3:a:redhat:openshift_container_platform_for_power:4.12:::::::* cpe:2.3:o:fedoraproject:fedora:37:::::::* cpe:2.3:a:fedoraproject:extra_packages_for_enterprise_linux:8.0:::::::* cpe:2.3:a:redhat:openshift_container_platform:4.11:::::::* cpe:2.3:a:redhat:openshift_container_platform_for_power:4.10:::::::* cpe:2.3:a:redhat:openshift_container_platform:4.12:::::::* cpe:2.3:o:redhat:enterprise_linux:9.0:::::::* cpe:2.3:o:redhat:enterprise_linux:8.0:::::::* cpe:2.3:a:redhat:ceph_storage:5.0:::::::* cpe:2.3:a:redhat:openshift_container_platform:4.10:::::::* cpe:2.3:a:redhat:openshift_container_platform:4.12::::::arm64: cpe:2.3:a:redhat:openshift_container_platform_ibm_z_systems:4.11:::::::* cpe:2.3:a:redhat:openshift_container_platform:4.11::::::arm64: cpe:2.3:a:redhat:openshift_container_platform_for_ibm_linuxone:4.11:::::::* cpe:2.3:a:haproxy:haproxy:-:::::::* cpe:2.3:a:redhat:openshift_container_platform:4.10::::::arm64: cpe:2.3:a:redhat:openshift_container_platform_for_ibm_linuxone:4.10:::::::* cpe:2.3:a:redhat:software_collections:-:::::::* cpe:2.3:a:redhat:openshift_container_platform_ibm_z_systems:4.10:::::::* cpe:2.3:o:fedoraproject:fedora:36:::::::* cpe:2.3:a:redhat:openshift_container_platform_for_power:4.11:::::::* cpe:2.3:a:redhat:openshift_container_platform_for_ibm_linuxone:4.12:::::::* cpe:2.3:a:redhat:openshift_container_platform_ibm_z_systems:4.12:::::::*
References	~~(MISC) https://access.redhat.com/security/cve/CVE-2023-0056 -~~	(MISC) https://access.redhat.com/security/cve/CVE-2023-0056 - Vendor Advisory
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 6.5
CWE		CWE-400
First Time		Fedoraproject extra Packages For Enterprise Linux Redhat openshift Container Platform For Ibm Linuxone Redhat ceph Storage Haproxy haproxy Redhat software Collections Redhat openshift Container Platform For Power Redhat openshift Container Platform Ibm Z Systems Fedoraproject fedora Redhat openshift Container Platform Haproxy Redhat Redhat enterprise Linux Fedoraproject

23 Mar 2023, 21:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-03-23 21:15

Updated : 2023-12-10 15:01

NVD link : CVE-2023-0056

Mitre link : CVE-2023-0056

CVE.ORG link : CVE-2023-0056

JSON object : View

Products Affected

redhat

software_collections
openshift_container_platform_for_ibm_linuxone
openshift_container_platform_ibm_z_systems
enterprise_linux
openshift_container_platform_for_power
openshift_container_platform
ceph_storage

haproxy

haproxy

fedoraproject

extra_packages_for_enterprise_linux
fedora

CWE

CWE-400

Uncontrolled Resource Consumption

6.5 /10

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

JSON object

Attach tags to CVE-2023-0056

6.5^/10

Attach tags to `CVE-2023-0056`