Lucene search
GoogleOSV:CVE-2023-41378HistoryNov 06, 2023 - 4:15 p.m.
CVE-2023-41378
2023-11-0616:15:42
Google
osv.dev
4
calico
typha
enterprise
tls handshake
vulnerability
0.001 Low
EPSS
Percentile
21.4%
In certain conditions for Calico Typha (v3.26.2, v3.25.1 and below), and Calico Enterprise Typha (v3.17.1, v3.16.3, v3.15.3 and below), a client TLS handshake can block the Calico Typha server indefinitely, resulting in denial of service. The TLS Handshake() call is performed inside the main server handle for loop without any timeout allowing an unclean TLS handshake to block the main loop indefinitely while other connections will be idle waiting for that handshake to finish.
Related
nvd
nvd
CVE-2023-41378
2023-11-06 16:15:42
veracode
veracode
Denial Of Service (DoS)
2023-11-07 06:41:08
github
github
Calico Typha denial of service vulnerability
2023-11-06 18:30:19
cve
cve
CVE-2023-41378
2023-11-06 16:15:42
cvelist
cvelist
CVE-2023-41378 Calico Typha hangs during unclean TLS handshake
2023-11-06 15:00:53
prion
prion
Design/Logic Flaw
2023-11-06 16:15:00
osv
osv
Calico Typha denial of service vulnerability
2023-11-06 18:30:19
photon
photon
Important Photon OS Security Update - PHSA-2023-3.0-0690
2023-11-22 00:00:00
Important Photon OS Security Update - PHSA-2023-5.0-0152
2023-11-22 00:00:00
Important Photon OS Security Update - PHSA-2023-4.0-0518
2023-11-22 00:00:00