Envoy is a cloud-native high-performance edge/middle/service proxy. Envoy’s HTTP/2 codec may leak a header map and bookkeeping structures upon receiving `RST_STREAM` immediately followed by the `GOAWAY` frames from an upstream server. In nghttp2, cleanup of pending requests due to receipt of the `GOAWAY` frame skips de-allocation of the bookkeeping structure and pending compressed header. The error return [code path] is taken if connection is already marked for not sending more requests due to `GOAWAY` frame. The clean-up code is right after the return statement, causing memory leak. Denial of service through memory exhaustion. This vulnerability was patched in versions(s) 1.26.3, 1.25.8, 1.24.9, 1.23.11.
Metrics
Affected Vendors & Products
References
History
Thu, 31 Oct 2024 17:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
MITRE
Status: PUBLISHED
Assigner: GitHub_M
Published: 2023-07-13T20:41:15.690Z
Updated: 2024-10-31T16:24:53.808Z
Reserved: 2023-06-20T14:02:45.597Z
Link: CVE-2023-35945
Vulnrichment
Updated: 2024-08-02T16:37:40.544Z
NVD
Status : Modified
Published: 2023-07-13T21:15:08.880
Modified: 2024-11-21T08:09:01.860
Link: CVE-2023-35945
Redhat