CVE-2023-35945
Published: 2023-07-13
Priority: P3 · 36 · high · 7.5 (CVSS 3.1)
Vector: AV:N / AC:L / PR:N / UI:N / S:U / C:N / I:N / A:H
EPSS: 1.11% (61.7th percentile)
Envoy is a cloud-native high-performance edge/middle/service proxy. Envoy’s HTTP/2 codec may leak a header map and bookkeeping structures upon receiving `RST_STREAM` immediately followed by the `GOAWAY` frames from an upstream server. In nghttp2, cleanup of pending requests due to receipt of the `GOAWAY` frame skips de-allocation of the bookkeeping structure and pending compressed header. The error return [code path] is taken if the connection is already marked for not sending more requests due to the `GOAWAY` frame. The clean-up code is right after the return statement, causing a memory leak. The impact is denial of service through memory exhaustion. This vulnerability was patched in versions 1.26.3, 1.25.8, 1.24.9, 1.23.11.
Affected
27 ranges, showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| envoyproxy | envoy | < 1.23.11 | 1.23.11 |
| envoyproxy | envoy | — | — |
| envoyproxy | envoy | — | — |
| envoyproxy | envoy | — | — |
| envoyproxy | envoy | — | — |
| envoyproxy | envoy | >= 1.24.0 < 1.24.9 | 1.24.9 |
| envoyproxy | envoy | >= 1.25.0 < 1.25.8 | 1.25.8 |
| envoyproxy | envoy | >= 1.26.0 < 1.26.3 | 1.26.3 |
| msrc | azl3_cmake_3.30.3-6_on_azure_linux_3.0 | — | — |
| msrc | azl3_rust_1.75.0-14_on_azure_linux_3.0 | — | — |
| msrc | azl3_rust_1.86.0-1_on_azure_linux_3.0 | — | — |
| msrc | cbl2_cmake_3.21.4-8_on_cbl_mariner_2.0 | — | — |
| msrc | cbl2_nghttp2_1.46.0-3_on_cbl_mariner_2.0 | — | — |
| msrc | cbl2_nodejs18_18.17.1-2_on_cbl_mariner_2.0 | — | — |
| msrc | cbl2_nodejs_16.20.2-2_on_cbl_mariner_2.0 | — | — |
| nghttp2 | nghttp2 | < 1.55.1 | 1.55.1 |
| nghttp2 | nghttp2 | >= 0 < 1.46.0-r1 | 1.46.0-r1 |
| nghttp2 | nghttp2 | >= 0 < 1.47.0-r1 | 1.47.0-r1 |
| nghttp2 | nghttp2 | >= 0 < 1.51.0-r1 | 1.51.0-r1 |
| paloalto | cloud_ngfw | — | — |
| paloalto | cortex_xdr | — | — |
| paloalto | cortex_xdr_agent | — | — |
| paloalto | globalprotect_app | — | — |
| paloalto | pan-os | — | — |
| paloalto | prisma_access | — | — |
CVSS provenance
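| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| osv | — | 7.5 | HIGH | — |
| vendor_msrc | — | 7.5 | HIGH | — |
| vendor_redhat | — | 7.5 | HIGH | — |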
CISA ICS
Schneider Electric EcoStruxure Power Operation (Update A)
cisa_ics·2026-02-26·CVSS 9.8
[CRITICAL] Schneider Electric EcoStruxure Power Operation (Update A)
ICS Advisory
Last Revised: February 26, 2026
Alert Code: ICSA-25-203-04
Related topics: Industrial Control System Vulnerabilities, Industrial Control Systems
## Summary
Successful exploitation of these vulnerabilities could result in the loss of system functionality or unauthorized access to system functions.
The following versions of Schneider Electric EcoStruxure Power Operation (Update A) are affected:
- EcoStruxure Power Operation (EPO) 2022 <=CU6 (CVE-2023-50447, CVE-2024-28219, CVE-2022-45198, CVE-2023-5217, CVE-2023-35945, CVE-2023-44487)
- EcoStruxure Power Operation (EPO) 2024 <=CU1 (CVE-2023-50447, CVE-2024-28219, CVE-2022-45198, CVE-2023-5217, CVE-2023-35945, CVE-2023-44487)
CVS
CISA ICS
Siemens SINEC NMS
cisa_ics·2024-02-15
ICS Advisory
Release Date: February 15, 2024
Alert Code: ICSA-24-046-15
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).
## 1. EXECUTIVE SUMMARY
- CVSS v3 9.8
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Siemens
- Equipment: SINEC NMS
- Vulnerabilities: Out-of-bounds Read, Inadequate Encryption Strength, Double Free, Use After Free, NULL Pointer Dereference, Improper Input Validation, Missing Encryption of Sensitive Data, Allocation of Resources Wit
CISA ICS
Siemens SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP V3.1
cisa_ics·2023-12-14
ICS Advisory
Release Date: December 14, 2023
Alert Code: ICSA-23-348-10
## 1. EXECUTIVE SUMMARY
- CVSS v3 9.8
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Siemens
- Equipment: SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP V3.1
- Vulnerabilities: Improper Restriction of XML External Entity Reference, Time-of-check Time-of-use (TOCTOU) Race Condition, Command Injection, Miss
Palo Alto
Impact of Rapid Reset and HTTP/2 DoS Vulnerabilities (CVE-2023-44487, CVE-2023-35945)
vendor_paloalto·2023-10-11·CVSS 7.5
CVE-2023-44487 [HIGH] CWE-400 Impact of Rapid Reset and HTTP/2 DoS Vulnerabilities (CVE-2023-44487, CVE-2023-35945)
The Palo Alto Networks Product Security Assurance team is evaluating the recently disclosed denial-of-service (DoS) vulnerabilities in the HTTP/2 protocol including Rapid Reset (CVE-2023-44487) and CVE-2023-35945.
If HTTP/2 inspection is enabled in PAN-OS, an ongoing distributed denial-of-service (DDoS) attack in inspected traffic will contribute towards the session capacity limit of the firewall. This can result in the intermittent availability of new firewall sessions and is consistent in impact with other volumetric DDoS attacks. Availability of new firewall sessions will recover naturally once the DDoS attack stops. Customers who have enabled Threat prevention ID 40152 (Applications and Threats cont
Red Hat
envoy: HTTP/2 memory leak in nghttp2 codec
vendor_redhat·2023-07-13·CVSS 7.5
CVE-2023-35945 [HIGH] CWE-400 envoy: HTTP/2 memory leak in nghttp2 codec
A flaw was found in Envoy, where a speci
Microsoft
Envoy vulnerable to HTTP/2 memory leak in nghttp2 codec
vendor_msrc·2023-07-11·CVSS 7.5
CVE-2023-35945 [HIGH] CWE-459 Envoy vulnerable to HTTP/2 memory leak in nghttp2 codec
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See this blog post for more information. If impact to additional products is identified, we will update the CVE to reflect this.
Customer Action Required: Yes
Remediation: CBL-Mariner Releases
Reference: https:/
OSV
CVE-2023-35945: Envoy is a cloud-native high-performance edge/middle/service proxy
osv·2023-07-13·CVSS 7.5
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://github.com/envoyproxy/envoy/security/advisories/GHSA-jfxv-29pc-x22r
https://github.com/nghttp2/nghttp2/blob/e7f59406556c80904b81b593d38508591bb7523a/lib/nghttp2_session.c#L3346
Published: 2023-07-13