Vulnerabilities > CVE-2019-11323 - Use of Uninitialized Resource vulnerability in Haproxy

CVSS 5.9 - MEDIUM

Attack vector

NETWORK

Attack complexity

HIGH

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

network

high complexity

haproxy

CWE-908

NVD

Published: 2019-05-09

Updated: 2023-11-07

Summary

HAProxy before 1.9.7 mishandles a reload with rotated keys, which triggers use of uninitialized, and very predictable, HMAC keys. This is related to an include/types/ssl_sock.h error.

Vulnerable Configurations

Part	Description	Count
Application	Haproxy Haproxy Haproxy 1.9.2 Haproxy Haproxy 1.9.3 Haproxy Haproxy 1.9.4 Haproxy Haproxy 1.9.5 Haproxy Haproxy 1.9.6	5

Common Weakness Enumeration (CWE)

CWE-908 - Use of Uninitialized Resource

References

http://git.haproxy.org/?p=haproxy.git%3Ba=commit%3Bh=8ef706502aa2000531d36e4ac56dbdc7c30f718d
https://www.mail-archive.com/haproxy%40formilux.org/msg33410.html