{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-27491", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2023-03-01T19:03:56.634Z", "datePublished": "2023-04-04T18:18:23.433Z", "dateUpdated": "2024-08-02T12:16:35.377Z"}, "containers": {"cna": {"title": "Envoy forwards invalid Http2/Http3 downstream headers", "problemTypes": [{"descriptions": [{"cweId": "CWE-20", "lang": "en", "description": "CWE-20: Improper Input Validation", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-5jmv-cw9p-f9rp", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-5jmv-cw9p-f9rp"}, {"name": "https://datatracker.ietf.org/doc/html/rfc9113#section-8.3", "tags": ["x_refsource_MISC"], "url": "https://datatracker.ietf.org/doc/html/rfc9113#section-8.3"}, {"name": "https://datatracker.ietf.org/doc/html/rfc9114#section-4.3.1", "tags": ["x_refsource_MISC"], "url": "https://datatracker.ietf.org/doc/html/rfc9114#section-4.3.1"}, {"name": "https://www.rfc-editor.org/rfc/rfc9110#section-5.6.2", "tags": ["x_refsource_MISC"], "url": "https://www.rfc-editor.org/rfc/rfc9110#section-5.6.2"}], "affected": [{"vendor": "envoyproxy", "product": "envoy", "versions": [{"version": ">= 1.25.0, < 1.25.3", "status": "affected"}, {"version": ">= 1.24.0, < 1.24.4", "status": "affected"}, {"version": ">= 1.23.0, < 1.23.6", "status": "affected"}, {"version": "< 1.22.9", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2023-04-04T18:18:23.433Z"}, "descriptions": [{"lang": "en", "value": "Envoy is an open source edge and service proxy designed for cloud-native applications. Compliant HTTP/1 service should reject malformed request lines. Prior to versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9, There is a possibility that non compliant HTTP/1 service may allow malformed requests, potentially leading to a bypass of security policies. This issue is fixed in versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9."}], "source": {"advisory": "GHSA-5jmv-cw9p-f9rp", "discovery": "UNKNOWN"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T12:16:35.377Z"}, "title": "CVE Program Container", "references": [{"name": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-5jmv-cw9p-f9rp", "tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-5jmv-cw9p-f9rp"}, {"name": "https://datatracker.ietf.org/doc/html/rfc9113#section-8.3", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://datatracker.ietf.org/doc/html/rfc9113#section-8.3"}, {"name": "https://datatracker.ietf.org/doc/html/rfc9114#section-4.3.1", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://datatracker.ietf.org/doc/html/rfc9114#section-4.3.1"}, {"name": "https://www.rfc-editor.org/rfc/rfc9110#section-5.6.2", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.rfc-editor.org/rfc/rfc9110#section-5.6.2"}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*", "matchCriteriaId": "DAD93214-C958-4A69-9291-15D1C22CFD3F", "versionEndExcluding": "1.22.9", "vulnerable": true}, {"criteria": "cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*", "matchCriteriaId": "17BFB303-DA5A-4E83-93F7-3C1EA340E434", "versionEndExcluding": "1.23.6", "versionStartIncluding": "1.23.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*", "matchCriteriaId": "92B633B8-FA4A-4630-9302-96F2C8336E36", "versionEndExcluding": "1.24.4", "versionStartIncluding": "1.24.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*", "matchCriteriaId": "8AFC6741-6FDF-47F6-A4AF-B5F5233ABB71", "versionEndExcluding": "1.25.3", "versionStartIncluding": "1.25.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Envoy is an open source edge and service proxy designed for cloud-native applications. Compliant HTTP/1 service should reject malformed request lines. Prior to versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9, There is a possibility that non compliant HTTP/1 service may allow malformed requests, potentially leading to a bypass of security policies. This issue is fixed in versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9."}], "id": "CVE-2023-27491", "lastModified": "2023-04-11T14:43:10.780", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.5, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2023-04-04T19:15:07.150", "references": [{"source": "security-advisories@github.com", "tags": ["Not Applicable"], "url": "https://datatracker.ietf.org/doc/html/rfc9113#section-8.3"}, {"source": "security-advisories@github.com", "tags": ["Not Applicable"], "url": "https://datatracker.ietf.org/doc/html/rfc9114#section-4.3.1"}, {"source": "security-advisories@github.com", "tags": ["Exploit", "Vendor Advisory"], "url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-5jmv-cw9p-f9rp"}, {"source": "security-advisories@github.com", "tags": ["Not Applicable"], "url": "https://www.rfc-editor.org/rfc/rfc9110#section-5.6.2"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-444"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-20"}], "source": "security-advisories@github.com", "type": "Secondary"}]}

{"affected_release": [{"advisory": "RHSA-2023:4623", "cpe": "cpe:/a:redhat:service_mesh:2.2::el8", "package": "openshift-service-mesh/proxyv2-rhel8:2.2.9-2", "product_name": "Red Hat OpenShift Service Mesh 2.2 for RHEL 8", "release_date": "2023-08-11T00:00:00Z"}], "bugzilla": {"description": "envoy: Envoy forwards invalid HTTP/2 and HTTP/3 downstream", "id": "2179138", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2179138"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.5", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "status": "verified"}, "cwe": "CWE-20", "details": ["Envoy is an open source edge and service proxy designed for cloud-native applications. Compliant HTTP/1 service should reject malformed request lines. Prior to versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9, There is a possibility that non compliant HTTP/1 service may allow malformed requests, potentially leading to a bypass of security policies. This issue is fixed in versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9.", "A flaw was found in Envoy that may allow attackers to send specially crafted HTTP/2 or HTTP/3 requests to trigger parsing errors on the upstream HTTP/1 service."], "name": "CVE-2023-27491", "package_state": [{"cpe": "cpe:/a:redhat:service_mesh:2.1", "fix_state": "Will not fix", "package_name": "servicemesh-proxy", "product_name": "OpenShift Service Mesh 2.1"}], "public_date": "2023-04-04T19:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2023-27491\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-27491\nhttps://github.com/envoyproxy/envoy/security/advisories/GHSA-5jmv-cw9p-f9rp"], "threat_severity": "Moderate"}