CVE-2023-35945

Envoy is a cloud-native high-performance edge/middle/service proxy. Envoy’s HTTP/2 codec may leak a header map and bookkeeping structures upon receiving `RST_STREAM` immediately followed by the `GOAWAY` frames from an upstream server. In nghttp2, cleanup of pending requests due to receipt of the `GOAWAY` frame skips de-allocation of the bookkeeping structure and pending compressed header. The error return [code path] is taken if connection is already marked for not sending more requests due to `GOAWAY` frame. The clean-up code is right after the return statement, causing memory leak. Denial of service through memory exhaustion. This vulnerability was patched in versions(s) 1.26.3, 1.25.8, 1.24.9, 1.23.11.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*
cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*
cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*
cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:a:nghttp2:nghttp2:*:*:*:*:*:*:*:*

History

24 Oct 2023, 17:26

Type Values Removed Values Added
CPE cpe:2.3:a:nghttp2:nghttp2:*:*:*:*:*:*:*:*
First Time Nghttp2
Nghttp2 nghttp2

25 Jul 2023, 18:36

Type Values Removed Values Added
First Time Envoyproxy envoy
Envoyproxy
CPE cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*
References (MISC) https://github.com/envoyproxy/envoy/security/advisories/GHSA-jfxv-29pc-x22r - (MISC) https://github.com/envoyproxy/envoy/security/advisories/GHSA-jfxv-29pc-x22r - Vendor Advisory
References (MISC) https://github.com/nghttp2/nghttp2/blob/e7f59406556c80904b81b593d38508591bb7523a/lib/nghttp2_session.c#L3346 - (MISC) https://github.com/nghttp2/nghttp2/blob/e7f59406556c80904b81b593d38508591bb7523a/lib/nghttp2_session.c#L3346 - Product
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 7.5
CWE CWE-400 CWE-459

13 Jul 2023, 21:15

Type Values Removed Values Added
New CVE

Information

Published : 2023-07-13 21:15

Updated : 2023-12-10 15:14


NVD link : CVE-2023-35945

Mitre link : CVE-2023-35945

CVE.ORG link : CVE-2023-35945


JSON object : View

Products Affected

envoyproxy

  • envoy

nghttp2

  • nghttp2
CWE
CWE-459

Incomplete Cleanup

CWE-400

Uncontrolled Resource Consumption