CVE-2023-35945

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published: Jul 13, 2023
Updated: Oct 24, 2023
CWE ID 400
CWE ID 459

Summary

CVE-2023-35945 is a high-severity vulnerability affecting the Envoy cloud-native proxy. It exists in Envoy's HTTP/2 codec and can lead to a memory leak and denial of service if an upstream server sends an immediate `RST_STREAM` followed by `GOAWAY` frames. The cause is cleanup code that skips de-allocation of bookkeeping structures and compressed headers. The fix is included in Envoy versions 1.26.3, 1.25.8, 1.24.9, and 1.23.11. Organizations running Envoy are at risk because the flaw can be exploited to exhaust memory resources and disrupt services.
