Lucene search
GoogleOSV:CVE-2023-35943HistoryJul 25, 2023 - 7:15 p.m.
CVE-2023-35943
2023-07-2519:15:11
Google
osv.dev
1
envoy
cors filter
vulnerability fix
versions 1.27.0
1.26.4
1.25.9
1.24.10
1.23.12
Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.27.0, 1.26.4, 1.25.9, 1.24.10, and 1.23.12, the CORS filter will segfault and crash Envoy when the origin header is removed and deleted between decodeHeadersand encodeHeaders. Versions 1.27.0, 1.26.4, 1.25.9, 1.24.10, and 1.23.12 have a fix for this issue. As a workaround, do not remove the origin header in the Envoy configuration.
Related
nvd
nvd
CVE-2023-35943
2023-07-25 19:15:11
cvelist
cvelist
osv
osv
BIT-envoy-2023-35943
2024-03-06 10:52:59
redhatcve
redhatcve
CVE-2023-35943
2023-07-26 16:47:56
cve
cve
CVE-2023-35943
2023-07-25 19:15:11
veracode
veracode
Denial Of Service (DoS)
2023-07-27 10:39:08
prion
prion
Code injection
2023-07-25 19:15:00
oraclelinux
oraclelinux
olcne security update
2023-09-11 00:00:00
istio security update
2023-09-08 00:00:00
istio security update
2023-09-06 00:00:00
nessus
nessus
Oracle Linux 8 : olcne (ELSA-2023-12772)
2023-09-11 00:00:00
Oracle Linux 9 : istio (ELSA-2023-12771)
2023-09-18 00:00:00
Oracle Linux 7 : istio (ELSA-2023-12781)
2023-09-08 00:00:00
redhat
redhat