CVE-2023-20882Uncontrolled Resource Consumption in Routing Release

CWE-400Uncontrolled Resource Consumption3 documents3 sources
Severity
5.9MEDIUMNVD
EPSS
0.2%
top 60.15%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Cloudfoundry Cf-deploymentCloudfoundry Routing ReleasePivotal Cloud Foundry Routing Release
Timeline
PublishedMay 26

Description

In Cloud foundry routing release versions from 0.262.0 and prior to 0.266.0,a bug in the gorouter process can lead to a denial of service of applications hosted on Cloud Foundry. Under the right circumstances, when client connections are closed prematurely, gorouter marks the currently selected backend as failed and removes it from the routing pool.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 2.2 | Impact: 3.6

Affected Packages3 packages

NVDcloudfoundry/routing_release0.262.00.266.0
CVEListV5pivotal/cloud_foundry_routing_releaseRouting release versions from 0.262.0 and prior to 0.266.0
NVDcloudfoundry/cf-deployment27.4.029.0.0

🔴Vulnerability Details

2
CVEList
CVE-2023-20882: In Cloud foundry routing release versions from 02023-05-26
GHSA
GHSA-f2f8-4q6m-2pw8: In Cloud foundry routing release versions from 02023-05-26
CVE-2023-20882 — Uncontrolled Resource Consumption | cvebase