{"id":"CVE-2023-25950","details":"HTTP request/response smuggling vulnerability in HAProxy versions 2.7.0 and 2.6.1 to 2.6.7 allows a remote attacker to alter a legitimate user's request. As a result, the attacker may obtain sensitive information or cause a denial-of-service (DoS) condition.","aliases":["BIT-haproxy-2023-25950"],"modified":"2026-04-12T07:26:32.597321Z","published":"2023-04-11T09:15:07.937Z","references":[{"type":"WEB","url":"https://git.haproxy.org/?p=haproxy-2.7.git%3Ba=commit%3Bh=3ca4223c5e1f18a19dc93b0b09ffdbd295554d46"},{"type":"WEB","url":"https://www.haproxy.org/"},{"type":"ADVISORY","url":"https://jvn.jp/en/jp/JVN38170084/"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/haproxy/haproxy","events":[{"introduced":"2454d6ef5b5de57de6d5263aab05897c042961bc"},{"last_affected":"3e69fcc240022d90c62aa9aa111c785d7f15c1ce"},{"introduced":"0"},{"last_affected":"437fd289f2e32e56498d2d4da63852d483f284ef"}],"database_specific":{"extracted_events":[{"introduced":"2.6.1"},{"last_affected":"2.6.7"},{"introduced":"0"},{"last_affected":"2.7.0"}],"cpe":["cpe:2.3:a:haproxy:haproxy:*:*:*:*:*:*:*:*","cpe:2.3:a:haproxy:haproxy:2.7.0:*:*:*:*:*:*:*"],"source":"CPE_FIELD"}}],"versions":["v2.6-dev1","v2.6-dev10","v2.6-dev11","v2.6-dev12","v2.6-dev2","v2.6-dev3","v2.6-dev4","v2.6-dev5","v2.6-dev6","v2.6-dev7","v2.6-dev8","v2.6-dev9","v2.6.0","v2.7-dev0","v2.7-dev1","v2.7-dev10","v2.7-dev2","v2.7-dev3","v2.7-dev4","v2.7-dev5","v2.7-dev6","v2.7-dev7","v2.7-dev8","v2.7-dev9","v2.7.0"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-25950.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"}]}