Lucene search

K
redhatRedHatRHSA-2023:5175
HistorySep 14, 2023 - 5:30 p.m.

(RHSA-2023:5175) Important: Red Hat OpenShift Service Mesh 2.2.10 security update

2023-09-1417:30:14
access.redhat.com
10
rhsa-2023
istio service mesh
openshift container platform
security update
oauth2 credentials exploit
http requests
http/2
memory leak
cve-2023-35941
cve-2023-35944
cve-2023-35945
cvss score
references

0.002 Low

EPSS

Percentile

60.1%

Red Hat OpenShift Service Mesh is Red Hat’s distribution of the Istio service mesh project, tailored for installation into an OpenShift Container Platform installation.

Security Fix(es):

  • envoy: OAuth2 credentials exploit with permanent validity (CVE-2023-35941)

  • envoy: Incorrect handling of HTTP requests and responses with mixed case schemes (CVE-2023-35944)

  • envoy: HTTP/2 memory leak in nghttp2 codec (CVE-2023-35945)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.