CVE-2023-35945Uncontrolled Resource Consumption in Envoy

CWE-400Uncontrolled Resource ConsumptionCWE-459Incomplete Cleanup9 documents7 sources
Severity
7.5HIGHNVD
EPSS
0.1%
top 68.29%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
10
Nghttp2Envoyproxy EnvoyPaloalto Cloud Ngfw+7 more
Timeline
PublishedJul 13
Latest updateFeb 26

Description

Envoy is a cloud-native high-performance edge/middle/service proxy. Envoy’s HTTP/2 codec may leak a header map and bookkeeping structures upon receiving `RST_STREAM` immediately followed by the `GOAWAY` frames from an upstream server. In nghttp2, cleanup of pending requests due to receipt of the `GOAWAY` frame skips de-allocation of the bookkeeping structure and pending compressed header. The error return [code path] is taken if connection is already marked for not sending more requests due to `

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages12 packages

NVDnghttp2/nghttp2< 1.55.1
NVDenvoyproxy/envoy1.24.01.24.9+3
Alpinenghttp2/nghttp2< 1.46.0-r1+2
CVEListV5envoyproxy/envoy4 versions+3

🔴Vulnerability Details

2
CVEList
Envoy vulnerable to HTTP/2 memory leak in nghttp2 codec2023-07-13
OSV
CVE-2023-35945: Envoy is a cloud-native high-performance edge/middle/service proxy2023-07-13

📋Vendor Advisories

6
CISA ICS
Schneider Electric EcoStruxure Power Operation (Update A)2026-02-26
CISA ICS
Siemens SINEC NMS2024-02-15
CISA ICS
Siemens SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP V3.12023-12-14
Palo Alto
Impact of Rapid Reset and HTTP/2 DoS Vulnerabilities (CVE-2023-44487, CVE-2023-35945)2023-10-11
Red Hat
envoy: HTTP/2 memory leak in nghttp2 codec2023-07-13