Vulnerabilities > CVE-2019-11323 - Use of Uninitialized Resource vulnerability in Haproxy
Attack vector
NETWORK Attack complexity
HIGH Privileges required
NONE Confidentiality impact
HIGH Integrity impact
NONE Availability impact
NONE Summary
HAProxy before 1.9.7 mishandles a reload with rotated keys, which triggers use of uninitialized, and very predictable, HMAC keys. This is related to an include/types/ssl_sock.h error.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 5 |
Common Weakness Enumeration (CWE)
References
- http://git.haproxy.org/?p=haproxy.git%3Ba=commit%3Bh=8ef706502aa2000531d36e4ac56dbdc7c30f718d
- http://git.haproxy.org/?p=haproxy.git%3Ba=commit%3Bh=8ef706502aa2000531d36e4ac56dbdc7c30f718d
- https://www.mail-archive.com/haproxy%40formilux.org/msg33410.html
- https://www.mail-archive.com/haproxy%40formilux.org/msg33410.html