CVE-2023-35945
published 2023-07-13

Priority: P3 / 36 / high / 7.5 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS: 1.11% (61.7th percentile)

Envoy is a cloud-native high-performance edge/middle/service proxy. Envoy’s HTTP/2 codec may leak a header map and bookkeeping structures upon receiving an `RST_STREAM` frame immediately followed by a `GOAWAY` frame from an upstream server. In nghttp2, the cleanup of pending requests triggered by receipt of the `GOAWAY` frame skips de-allocation of the bookkeeping structure and the pending compressed header: the error-return code path is taken if the connection is already marked as not sending more requests because of the `GOAWAY` frame, and the clean-up code sits right after the return statement, so it never runs and the memory leaks. The impact is denial of service through memory exhaustion. This vulnerability was patched in versions 1.26.3, 1.25.8, 1.24.9, and 1.23.11.

Affected

27 ranges · showing 25

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| envoyproxy | envoy | < 1.23.11 | 1.23.11 |
| envoyproxy | envoy | | |
| envoyproxy | envoy | | |
| envoyproxy | envoy | | |
| envoyproxy | envoy | | |
| envoyproxy | envoy | >= 1.24.0 < 1.24.9 | 1.24.9 |
| envoyproxy | envoy | >= 1.25.0 < 1.25.8 | 1.25.8 |
| envoyproxy | envoy | >= 1.26.0 < 1.26.3 | 1.26.3 |
| msrc | azl3_cmake_3.30.3-6_on_azure_linux_3.0 | | |
| msrc | azl3_rust_1.75.0-14_on_azure_linux_3.0 | | |
| msrc | azl3_rust_1.86.0-1_on_azure_linux_3.0 | | |
| msrc | cbl2_cmake_3.21.4-8_on_cbl_mariner_2.0 | | |
| msrc | cbl2_nghttp2_1.46.0-3_on_cbl_mariner_2.0 | | |
| msrc | cbl2_nodejs18_18.17.1-2_on_cbl_mariner_2.0 | | |
| msrc | cbl2_nodejs_16.20.2-2_on_cbl_mariner_2.0 | | |
| nghttp2 | nghttp2 | < 1.55.1 | 1.55.1 |
| nghttp2 | nghttp2 | >= 0 < 1.46.0-r1 | 1.46.0-r1 |
| nghttp2 | nghttp2 | >= 0 < 1.47.0-r1 | 1.47.0-r1 |
| nghttp2 | nghttp2 | >= 0 < 1.51.0-r1 | 1.51.0-r1 |
| paloalto | cloud_ngfw | | |
| paloalto | cortex_xdr | | |
| paloalto | cortex_xdr_agent | | |
| paloalto | globalprotect_app | | |
| paloalto | pan-os | | |
| paloalto | prisma_access | | |

CVSS provenance

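| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| osv | | 7.5 | HIGH | |
| vendor_msrc | | 7.5 | HIGH | |
| vendor_redhat | | 7.5 | HIGH | |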