CVSS 3.1 Score 7.5 of 10 (high)


Published Jul 25, 2023
Updated: Aug 2, 2023
CWE ID 416


CVE-2023-35943 is a vulnerability in Envoy, an open-source edge and service proxy used for cloud-native applications. Versions prior to 1.27.0, 1.26.4, 1.25.9, 1.24.10, and 1.23.12 are affected by this vulnerability. The issue arises when the 'origin' header is removed and deleted between 'decodeHeaders' and 'encodeHeaders', causing Envoy to crash due to a segmentation fault caused by the CORS filter. The danger posed by this vulnerability is rated as high, with a base severity score of 7.5 out of 10 according to NIST's National Vulnerability Database (NVD). To remediate the vulnerability, users are advised to update their Envoy installations to versions that include the fix (1.27.0, 1.26.4, 1.25.9, 1.24.10, or 1.23.12), or alternatively, avoid removing the 'origin' header in the Envoy configuration as a temporary workaround. Note: The summary is based on the information provided but may not include all details about the vulnerability and its impact on different affected products and environments; additional research is recommended for a comprehensive understanding of the issue and mitigation steps specific to individual systems or organizations.

Leverage our Vulnerability Intelligence module to secure your systems now - get detailed insights on CVE-2024-37364. Book your demo today.


Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2023-35943 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options