{"id":"CVE-2023-40225","details":"HAProxy through 2.0.32, 2.1.x and 2.2.x through 2.2.30, 2.3.x and 2.4.x through 2.4.23, 2.5.x and 2.6.x before 2.6.15, 2.7.x before 2.7.10, and 2.8.x before 2.8.2 forwards empty Content-Length headers, violating RFC 9110 section 8.6. In uncommon cases, an HTTP/1 server behind HAProxy may interpret the payload as an extra request.","aliases":["BIT-haproxy-2023-40225"],"modified":"2026-04-02T09:24:06.341877Z","published":"2023-08-10T21:15:10.743Z","related":["ALSA-2024:1142","CGA-54g5-xw2p-2xch","MGASA-2023-0320","SUSE-SU-2023:3469-1","SUSE-SU-2023:3490-1","SUSE-SU-2023:4646-1","openSUSE-SU-2024:13116-1"],"references":[{"type":"ADVISORY","url":"https://www.haproxy.org/download/2.7/src/CHANGELOG"},{"type":"ADVISORY","url":"https://www.haproxy.org/download/2.8/src/CHANGELOG"},{"type":"ADVISORY","url":"https://www.haproxy.org/download/2.6/src/CHANGELOG"},{"type":"REPORT","url":"https://github.com/haproxy/haproxy/issues/2237"},{"type":"FIX","url":"https://github.com/haproxy/haproxy/commit/6492f1f29d738457ea9f382aca54537f35f9d856"},{"type":"ARTICLE","url":"https://cwe.mitre.org/data/definitions/436.html"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.haproxy.org/haproxy-2.0.git","events":[{"introduced":"0"},{"last_affected":"09b74d8a453ba1b1f71b217c321983511383c2d2"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"2.0.32"}]}},{"type":"GIT","repo":"https://git.haproxy.org/haproxy-2.2.git","events":[{"introduced":"3a00c915fd241fc398a080a11ccac9c5c46791ce"},{"last_affected":"5f4877ec77240f80774b7f7cb2f65f2d26f3f4cf"}],"database_specific":{"versions":[{"introduced":"2.2.0"},{"last_affected":"2.2.30"}]}},{"type":"GIT","repo":"https://git.haproxy.org/haproxy-2.4.git","events":[{"introduced":"6cbbecf09734aeb5fa8bb88f36f06a6f6d35e813"},{"last_affected":"62cb999fe65e415ba7176354172612a7ee8bdf04"}],"database_specific":{"versions":[{"introduced":"2.4.0"},{"last_affected":"2.4.23"}]}},{"type":"GIT","repo":"https://git.haproxy.org/haproxy-2.6.git","events":[{"introduced":"f2e0833f16aa8c09e1c7001ff55aac4f13c643b7"},{"fixed":"446b02c89880ca778201642016e5d7de6e969532"}],"database_specific":{"versions":[{"introduced":"2.5.0"},{"fixed":"2.6.15"}]}},{"type":"GIT","repo":"https://github.com/haproxy/haproxy","events":[{"introduced":"437fd289f2e32e56498d2d4da63852d483f284ef"},{"fixed":"0279df9e824723004b27cae2d4a04a7b1b924202"},{"introduced":"fdd8154ed37fef7f351075caa357917f94704dd7"},{"fixed":"0f29b34e0a06cdd59ae2278d33c16f63ca435468"},{"fixed":"6492f1f29d738457ea9f382aca54537f35f9d856"}],"database_specific":{"versions":[{"introduced":"2.7.0"},{"fixed":"2.7.10"},{"introduced":"2.8.0"},{"fixed":"2.8.2"}]}}],"versions":["v1.0.0","v1.0.1","v1.0.2","v1.1.0","v1.1.1","v1.1.10","v1.1.11","v1.1.12","v1.1.13","v1.1.14","v1.1.15","v1.1.16","v1.1.17","v1.1.18","v1.1.19","v1.1.2","v1.1.20","v1.1.21","v1.1.22","v1.1.23","v1.1.24","v1.1.25","v1.1.26","v1.1.27","v1.1.3","v1.1.4","v1.1.5","v1.1.6","v1.1.7","v1.1.8","v1.1.9","v1.2.0","v1.2.1","v1.2.1-pre1","v1.2.1-pre2","v1.2.1-pre3","v1.2.10","v1.2.10.1","v1.2.11","v1.2.11.1","v1.2.12","v1.2.13","v1.2.13.1","v1.2.14","v1.2.2","v1.2.3","v1.2.4","v1.2.5","v1.2.5-pre1","v1.2.5-pre2","v1.2.5-pre3","v1.2.5-pre4","v1.2.5.1","v1.2.5.2","v1.2.6","v1.2.6-pre4","v1.2.6-pre5","v1.2.7","v1.2.7.1","v1.2.7rc","v1.2.8","v1.2.9","v1.3.0","v1.3.1","v1.3.10","v1.3.10.1","v1.3.10.2","v1.3.11","v1.3.11.1","v1.3.11.2","v1.3.11.3","v1.3.11.4","v1.3.12","v1.3.12.1","v1.3.12.2","v1.3.12.3","v1.3.12.4","v1.3.13","v1.3.13.1","v1.3.13.2","v1.3.14","v1.3.14.1","v1.3.14.10","v1.3.14.11","v1.3.14.12","v1.3.14.13","v1.3.14.14","v1.3.14.2","v1.3.14.3","v1.3.14.4","v1.3.14.5","v1.3.14.6","v1.3.14.7","v1.3.14.8","v1.3.14.9","v1.3.15","v1.3.15.1","v1.3.15.10","v1.3.15.11","v1.3.15.2","v1.3.15.3","v1.3.15.4","v1.3.15.5","v1.3.15.6","v1.3.15.7","v1.3.15.8","v1.3.15.9","v1.3.16","v1.3.16-rc1","v1.3.16-rc2","v1.3.17","v1.3.18","v1.3.19","v1.3.2","v1.3.20","v1.3.21","v1.3.22","v1.3.23","v1.3.3","v1.3.4","v1.3.5","v1.3.6","v1.3.6.1","v1.3.7","v1.3.8","v1.3.8.1","v1.3.8.2","v1.3.9","v1.4-dev0","v1.4-dev1","v1.4-dev2","v1.4-dev3","v1.4-dev4","v1.4-dev5","v1.4-dev6","v1.4-dev7","v1.4-dev8","v1.4-rc1","v1.4.0","v1.4.1","v1.4.2","v1.4.3","v1.4.4","v1.4.5","v1.4.6","v1.5-dev10","v1.5-dev12","v1.5-dev13","v1.5-dev14","v1.5-dev15","v1.5-dev16","v1.5-dev17","v1.5-dev18","v1.5-dev19","v1.5-dev20","v1.5-dev21","v1.5-dev22","v1.5-dev23","v1.5-dev24","v1.5-dev25","v1.5-dev26","v1.5-dev8","v1.5-dev9","v1.5.0","v1.6-dev0","v1.6-dev1","v1.6-dev2","v1.6-dev3","v1.6-dev4","v1.6-dev5","v1.6-dev6","v1.6-dev7","v1.6.0","v1.7-dev0","v1.7-dev1","v1.7-dev2","v1.7-dev3","v1.7-dev4","v1.7-dev5","v1.7-dev6","v1.7.0","v1.8-dev0","v1.8-dev1","v1.8-dev2","v1.8-dev3","v1.8-rc1","v1.8-rc2","v1.8-rc3","v1.8-rc4","v1.8.0","v1.9-dev0","v1.9-dev1","v1.9-dev10","v1.9-dev11","v1.9-dev2","v1.9-dev3","v1.9-dev4","v1.9-dev5","v1.9-dev6","v1.9-dev7","v1.9-dev8","v1.9-dev9","v1.9.0","v2.0-dev0","v2.0-dev1","v2.0-dev2","v2.0-dev3","v2.0-dev4","v2.0-dev5","v2.0-dev6","v2.0-dev7","v2.0.0","v2.0.1","v2.0.10","v2.0.11","v2.0.12","v2.0.13","v2.0.14","v2.0.15","v2.0.16","v2.0.17","v2.0.18","v2.0.19","v2.0.2","v2.0.20","v2.0.21","v2.0.22","v2.0.23","v2.0.24","v2.0.25","v2.0.26","v2.0.27","v2.0.28","v2.0.29","v2.0.3","v2.0.30","v2.0.31","v2.0.32","v2.0.4","v2.0.5","v2.0.6","v2.0.7","v2.0.8","v2.0.9","v2.2.0","v2.2.1","v2.2.10","v2.2.11","v2.2.12","v2.2.13","v2.2.14","v2.2.15","v2.2.16","v2.2.17","v2.2.18","v2.2.19","v2.2.2","v2.2.20","v2.2.21","v2.2.22","v2.2.23","v2.2.24","v2.2.25","v2.2.26","v2.2.27","v2.2.28","v2.2.29","v2.2.3","v2.2.30","v2.2.4","v2.2.5","v2.2.6","v2.2.7","v2.2.8","v2.2.9","v2.4.0","v2.4.1","v2.4.10","v2.4.11","v2.4.12","v2.4.13","v2.4.14","v2.4.15","v2.4.16","v2.4.17","v2.4.18","v2.4.19","v2.4.2","v2.4.20","v2.4.21","v2.4.22","v2.4.23","v2.4.3","v2.4.4","v2.4.5","v2.4.6","v2.4.7","v2.4.8","v2.4.9","v2.5.0","v2.6-dev0","v2.6-dev1","v2.6-dev10","v2.6-dev11","v2.6-dev12","v2.6-dev2","v2.6-dev3","v2.6-dev4","v2.6-dev5","v2.6-dev6","v2.6-dev7","v2.6-dev8","v2.6-dev9","v2.6.0","v2.6.1","v2.6.10","v2.6.11","v2.6.12","v2.6.13","v2.6.14","v2.6.2","v2.6.3","v2.6.4","v2.6.5","v2.6.6","v2.6.7","v2.6.8","v2.6.9","v2.7.0","v2.8-dev0","v2.8-dev1","v2.8.0","v2.9-dev0","v2.9-dev1","v2.9-dev2"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-40225.json","vanir_signatures":[{"source":"https://github.com/haproxy/haproxy/commit/6492f1f29d738457ea9f382aca54537f35f9d856","signature_type":"Function","target":{"function":"http_parse_cont_len_header","file":"src/http.c"},"id":"CVE-2023-40225-321cb63a","signature_version":"v1","digest":{"length":920,"function_hash":"233598116403124394327874341684154081692"},"deprecated":false},{"source":"https://github.com/haproxy/haproxy/commit/6492f1f29d738457ea9f382aca54537f35f9d856","signature_type":"Line","target":{"file":"src/h1.c"},"id":"CVE-2023-40225-6bc15f13","signature_version":"v1","digest":{"threshold":0.9,"line_hashes":["165144268708067503662197180751835168325","181476966816870361302138927755052419995","38169904124979107543682445298778353719","90172390201955149448003837056493578792","190028181374243338045588907346606455051","107505088545251584894189210534290438397","331204091758823654164950303515118093648","236794157206778696007620946270386607677","252811914131326760711167158666797745135","31722181914028338651024671069621308286","150844051917068265160765471746425755346","286321739378888021026416454718199891256"]},"deprecated":false},{"source":"https://github.com/haproxy/haproxy/commit/6492f1f29d738457ea9f382aca54537f35f9d856","signature_type":"Line","target":{"file":"src/http.c"},"id":"CVE-2023-40225-e91d6762","signature_version":"v1","digest":{"threshold":0.9,"line_hashes":["72171713211711176057473768202252814200","63927162197679533977345581072990894618","94110014460971723384658371440440144532","90172390201955149448003837056493578792","190028181374243338045588907346606455051","107505088545251584894189210534290438397","331204091758823654164950303515118093648","236794157206778696007620946270386607677","17986306145591369186963995970127593066","285864856605371214411020876314555345112","283123263476167121878797278369257674902","301864301687022632947606540948909654137"]},"deprecated":false},{"source":"https://github.com/haproxy/haproxy/commit/6492f1f29d738457ea9f382aca54537f35f9d856","signature_type":"Function","target":{"function":"h1_parse_cont_len_header","file":"src/h1.c"},"id":"CVE-2023-40225-f584ff7d","signature_version":"v1","digest":{"length":1001,"function_hash":"228028521571946842552203437083185495676"},"deprecated":false}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N"}]}