Lucene search
GoogleOSV:CVE-2022-23606HistoryFeb 22, 2022 - 11:15 p.m.
CVE-2022-23606
2022-02-2223:15:11
Google
osv.dev
10
envoy
proxy
vulnerability
Envoy is an open source edge and service proxy, designed for cloud-native applications. When a cluster is deleted via Cluster Discovery Service (CDS) all idle connections established to endpoints in that cluster are disconnected. A recursion was introduced in the procedure of disconnecting idle connections that can lead to stack exhaustion and abnormal process termination when a cluster has a large number of idle connections. This infinite recursion causes Envoy to crash. Users are advised to upgrade.
Related
redhatcve
redhatcve
CVE-2022-23606
2022-02-23 02:36:52
osv
osv
BIT-envoy-2022-23606
2024-03-06 10:55:43
prion
prion
Design/Logic Flaw
2022-02-22 23:15:00
veracode
veracode
Denial Of Service (DoS)
2022-06-02 20:46:58
cnvd
cnvd
Envoy has an unspecified vulnerability (CNVD-2022-16288)
2022-02-24 00:00:00
cvelist
cvelist
CVE-2022-23606 Crash when a cluster is deleted in Envoy
2022-02-22 22:20:13
cve
cve
CVE-2022-23606
2022-02-22 23:15:11
nvd
nvd
CVE-2022-23606
2022-02-22 23:15:11
redhat
redhat
nessus
nessus
RHEL 8 : Red Hat OpenShift Service Mesh 2.1.2 (RHSA-2022:1275)
2022-04-08 00:00:00
RHEL 8 : Red Hat OpenShift Service Mesh 2.0.9 (RHSA-2022:1276)
2022-04-08 00:00:00