Launchpad.net

CVE 2023-25725

HAProxy before 2.7.3 may allow a bypass of access control because HTTP/1 headers are inadvertently lost in some situations, aka "request smuggling." The HTTP header parsers in HAProxy may accept empty header field names, which could be used to truncate the list of HTTP headers and thus make some headers disappear after being parsed and processed for HTTP/1.0 and HTTP/1.1. For HTTP/2 and HTTP/3, the impact is limited because the headers disappear before being parsed and processed, as if they had not been sent by the client. The fixed versions are 2.7.3, 2.6.9, 2.5.12, 2.4.22, 2.2.29, and 2.0.31.

Related bugs and status

CVE-2023-25725 (Candidate) is related to these bugs:

Bug #2009334: [Debian] CVE: CVE-2023-25725: haproxy : may allow a bypass of access control

Summary				In	Importance	Status
	2009334	[Debian] CVE: CVE-2023-25725: haproxy : may allow a bypass of access control		StarlingX	High	Fix Released

Bug #2012557: [MRE] haproxy

		In	Importance	Status
2012557	[MRE] haproxy	haproxy (Ubuntu)	Undecided	Invalid
2012557	[MRE] haproxy	haproxy (Ubuntu Kinetic)	Undecided	Fix Released
2012557	[MRE] haproxy	haproxy (Ubuntu Focal)	Undecided	Fix Released
2012557	[MRE] haproxy	haproxy (Ubuntu Jammy)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2023-25725

Related bugs and status

Related bugs

References