
CVE-2023-35945

Published: 13/07/2023 Updated: 24/10/2023
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 0

Vulnerability Summary

Envoy is a cloud-native high-performance edge/middle/service proxy. Envoy's HTTP/2 codec may leak a header map and bookkeeping structures upon receiving an `RST_STREAM` frame immediately followed by a `GOAWAY` frame from an upstream server. In nghttp2, the cleanup of pending requests triggered by receipt of the `GOAWAY` frame skips de-allocation of the bookkeeping structure and the pending compressed header. The error return code path is taken if the connection is already marked as not sending more requests because of the `GOAWAY` frame. The clean-up code is placed right after the return statement, which causes a memory leak. The impact is denial of service through memory exhaustion. This vulnerability was patched in versions 1.26.3, 1.25.8, 1.24.9, and 1.23.11.

Vulnerable Product

envoyproxy envoy

nghttp2 nghttp2

Vendor Advisories

Synopsis: Important: Red Hat OpenShift Service Mesh Containers for 2.3.6 security update. Type/Severity: Security Advisory: Important. Topic: Red Hat OpenShift Service Mesh 2.3.6 Containers. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a ...
Envoy is a cloud-native high-performance edge/middle/service proxy. Envoy's HTTP/2 codec may leak a header map and bookkeeping structures upon receiving `RST_STREAM` immediately followed by the `GOAWAY` frames from an upstream server. In nghttp2, cleanup of pending requests due to receipt of the `GOAWAY` frame skips de-allocation of the bookkeeping ...
Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.27.0, 1.26.4, 1.25.9, 1.24.10, and 1.23.12, a malicious client is able to construct credentials with permanent validity in some specific scenarios. This is caused by some rare scenarios in which the HMAC payload can be always valid in OAuth2 f ...
Description: A flaw was found in Envoy, where a specifically crafted response from an untrusted upstream service can cause a denial of service through memory exhaustion. This issue is caused by Envoy's HTTP/2 codec, which may leak a header map and bookkeeping structures upon receiving RST_STREAM immediately, followed by the GOAWAY fr ...
CVE-2023-44487 Impact of Rapid Reset and HTTP/2 DoS Vulnerabilities (CVE-2023-44487, CVE-2023-35945) ...

Github Repositories

cve-agent: cve-agent is a tool that periodically scans images in a cluster for known vulnerabilities. cve-agent scans images one time per day by default. The scan result is stored and can be accessed via HTTP. Installation: `$ kubectl apply -f kubernetes`. Usage: Port forward the cve-agent HTTP service to access the scan result: $ kubectl port-forwa