Lucene search
GoogleOSV:CVE-2023-35942HistoryJul 25, 2023 - 7:15 p.m.
CVE-2023-35942
2023-07-2519:15:11
Google
osv.dev
5
envoy
open source
proxy
vulnerability
grpc
access loggers
use-after-free
crash
listener
drained
fix
workaround
Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.27.0, 1.26.4, 1.25.9, 1.24.10, and 1.23.12, gRPC access loggers using listener’s global scope can cause a use-after-free crash when the listener is drained. Versions 1.27.0, 1.26.4, 1.25.9, 1.24.10, and 1.23.12 have a fix for this issue. As a workaround, disable gRPC access log or stop listener update.
Related
veracode
veracode
Denial Of Service (DoS)
2023-07-27 09:59:32
cvelist
cvelist
CVE-2023-35942 Envoy's gRPC access log crash caused by the listener draining
2023-07-25 18:24:11
redhatcve
redhatcve
CVE-2023-35942
2023-07-26 16:47:45
prion
prion
Design/Logic Flaw
2023-07-25 19:15:00
osv
osv
BIT-envoy-2023-35942
2024-03-06 10:53:10
nvd
nvd
CVE-2023-35942
2023-07-25 19:15:11
cve
cve
CVE-2023-35942
2023-07-25 19:15:11
nessus
nessus
Oracle Linux 8 : olcne (ELSA-2023-12772)
2023-09-11 00:00:00
Oracle Linux 9 : istio (ELSA-2023-12771)
2023-09-18 00:00:00
Oracle Linux 7 : istio (ELSA-2023-12781)
2023-09-08 00:00:00
oraclelinux
oraclelinux
istio security update
2023-09-06 00:00:00
istio security update
2023-09-08 00:00:00
istio security update
2023-09-08 00:00:00
redhat
redhat