CVE-2023-40225 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2023-40225 Interim 1 21 2025-08-06T01:27:24Z current 2023-08-10T23:15:41Z 2025-08-06T01:27:24Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2023-40225 HAProxy through 2.0.32, 2.1.x and 2.2.x through 2.2.30, 2.3.x and 2.4.x through 2.4.23, 2.5.x and 2.6.x before 2.6.15, 2.7.x before 2.7.10, and 2.8.x before 2.8.2 forwards empty Content-Length headers, violating RFC 9110 section 8.6. In uncommon cases, an HTTP/1 server behind HAProxy may interpret the payload as an extra request. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.suse.com/pipermail/sle-security-updates/2023-September/016267.html E-Mail link for SUSE-CU-2023:3072-1 https://lists.suse.com/pipermail/sle-security-updates/2023-August/016041.html E-Mail link for SUSE-SU-2023:3469-1 https://lists.suse.com/pipermail/sle-security-updates/2023-August/016047.html E-Mail link for SUSE-SU-2023:3490-1 https://lists.suse.com/pipermail/sle-security-updates/2023-December/017412.html E-Mail link for SUSE-SU-2023:4646-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings Container ses/7.1/ceph/haproxy:2.0.31.3.5.503 HPE Helion OpenStack 8 SUSE Liberty Linux 9 SUSE Linux Enterprise High Availability Extension 12 SP4 SUSE Linux Enterprise High Availability Extension 12 SP5 SUSE Linux Enterprise High Availability Extension 15 SP1 SUSE Linux Enterprise High Availability Extension 15 SP2 SUSE Linux Enterprise High Availability Extension 15 SP3 SUSE Linux Enterprise High Availability Extension 15 SP4 SUSE Linux Enterprise High Availability Extension 15 SP5 SUSE Linux Enterprise Micro 5.3 SUSE Linux Enterprise Micro 5.4 SUSE Linux Enterprise Micro 5.5 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP5 SUSE Linux Micro 6.0 SUSE Linux Micro 6.1 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud Crowbar 9 openSUSE Leap 15.4 openSUSE Leap 15.5 openSUSE Leap Micro 5.3 openSUSE Leap Micro 5.4 openSUSE Tumbleweed haproxy haproxy-2.0.31-150100.8.34.1 haproxy-2.0.31-150200.11.23.1 haproxy-2.4.22+git0.f8e3218e2-150400.3.16.1 haproxy-2.4.22-3.el9_3 haproxy-2.8.2+git0.61a0f576a-2.1 haproxy-2.8.3+git0.86e043add-1.7 haproxy-2.8.3+git0.86e043add-slfo.1.1_1.2 haproxy-2.0.31-150200.11.23.1 as a component of Container ses/7.1/ceph/haproxy:2.0.31.3.5.503 haproxy-2.4.22-3.el9_3 as a component of SUSE Liberty Linux 9 haproxy-2.0.31-150100.8.34.1 as a component of SUSE Linux Enterprise High Availability Extension 15 SP1 haproxy-2.0.31-150200.11.23.1 as a component of SUSE Linux Enterprise High Availability Extension 15 SP2 haproxy-2.0.31-150200.11.23.1 as a component of SUSE Linux Enterprise High Availability Extension 15 SP3 haproxy-2.4.22+git0.f8e3218e2-150400.3.16.1 as a component of SUSE Linux Enterprise High Availability Extension 15 SP4 haproxy-2.4.22+git0.f8e3218e2-150400.3.16.1 as a component of SUSE Linux Enterprise High Availability Extension 15 SP5 haproxy-2.4.22+git0.f8e3218e2-150400.3.16.1 as a component of SUSE Linux Enterprise Micro 5.3 haproxy-2.4.22+git0.f8e3218e2-150400.3.16.1 as a component of SUSE Linux Enterprise Micro 5.4 haproxy-2.4.22+git0.f8e3218e2-150400.3.16.1 as a component of SUSE Linux Enterprise Micro 5.5 haproxy-2.8.3+git0.86e043add-1.7 as a component of SUSE Linux Micro 6.0 haproxy-2.8.3+git0.86e043add-slfo.1.1_1.2 as a component of SUSE Linux Micro 6.1 haproxy-2.4.22+git0.f8e3218e2-150400.3.16.1 as a component of openSUSE Leap 15.4 haproxy-2.4.22+git0.f8e3218e2-150400.3.16.1 as a component of openSUSE Leap 15.5 haproxy-2.4.22+git0.f8e3218e2-150400.3.16.1 as a component of openSUSE Leap Micro 5.3 haproxy-2.4.22+git0.f8e3218e2-150400.3.16.1 as a component of openSUSE Leap Micro 5.4 haproxy-2.8.2+git0.61a0f576a-2.1 as a component of openSUSE Tumbleweed haproxy as a component of HPE Helion OpenStack 8 haproxy as a component of SUSE Linux Enterprise High Availability Extension 12 SP4 haproxy as a component of SUSE Linux Enterprise High Availability Extension 12 SP5 haproxy as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP4 haproxy as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP5 haproxy as a component of SUSE OpenStack Cloud 8 haproxy as a component of SUSE OpenStack Cloud 9 haproxy as a component of SUSE OpenStack Cloud Crowbar 8 haproxy as a component of SUSE OpenStack Cloud Crowbar 9 HAProxy through 2.0.32, 2.1.x and 2.2.x through 2.2.30, 2.3.x and 2.4.x through 2.4.23, 2.5.x and 2.6.x before 2.6.15, 2.7.x before 2.7.10, and 2.8.x before 2.8.2 forwards empty Content-Length headers, violating RFC 9110 section 8.6. In uncommon cases, an HTTP/1 server behind HAProxy may interpret the payload as an extra request. CVE-2023-40225 Container ses/7.1/ceph/haproxy:2.0.31.3.5.503:haproxy-2.0.31-150200.11.23.1 SUSE Liberty Linux 9:haproxy-2.4.22-3.el9_3 SUSE Linux Enterprise High Availability Extension 15 SP1:haproxy-2.0.31-150100.8.34.1 SUSE Linux Enterprise High Availability Extension 15 SP2:haproxy-2.0.31-150200.11.23.1 SUSE Linux Enterprise High Availability Extension 15 SP3:haproxy-2.0.31-150200.11.23.1 SUSE Linux Enterprise High Availability Extension 15 SP4:haproxy-2.4.22+git0.f8e3218e2-150400.3.16.1 SUSE Linux Enterprise High Availability Extension 15 SP5:haproxy-2.4.22+git0.f8e3218e2-150400.3.16.1 SUSE Linux Enterprise Micro 5.3:haproxy-2.4.22+git0.f8e3218e2-150400.3.16.1 SUSE Linux Enterprise Micro 5.4:haproxy-2.4.22+git0.f8e3218e2-150400.3.16.1 SUSE Linux Enterprise Micro 5.5:haproxy-2.4.22+git0.f8e3218e2-150400.3.16.1 SUSE Linux Micro 6.0:haproxy-2.8.3+git0.86e043add-1.7 SUSE Linux Micro 6.1:haproxy-2.8.3+git0.86e043add-slfo.1.1_1.2 openSUSE Leap 15.4:haproxy-2.4.22+git0.f8e3218e2-150400.3.16.1 openSUSE Leap 15.5:haproxy-2.4.22+git0.f8e3218e2-150400.3.16.1 openSUSE Leap Micro 5.3:haproxy-2.4.22+git0.f8e3218e2-150400.3.16.1 openSUSE Leap Micro 5.4:haproxy-2.4.22+git0.f8e3218e2-150400.3.16.1 openSUSE Tumbleweed:haproxy-2.8.2+git0.61a0f576a-2.1 HPE Helion OpenStack 8:haproxy SUSE Linux Enterprise High Availability Extension 12 SP4:haproxy SUSE Linux Enterprise High Availability Extension 12 SP5:haproxy SUSE Linux Enterprise Server for SAP Applications 12 SP4:haproxy SUSE Linux Enterprise Server for SAP Applications 12 SP5:haproxy SUSE OpenStack Cloud 8:haproxy SUSE OpenStack Cloud 9:haproxy SUSE OpenStack Cloud Crowbar 8:haproxy SUSE OpenStack Cloud Crowbar 9:haproxy moderate 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N