Lucene search
Redhat.comRH:CVE-2024-23323HistoryFeb 14, 2024 - 9:34 p.m.
CVE-2024-23323
2024-02-1421:34:09
redhat.com
access.redhat.com
110
envoy proxy
vulnerability
high cpu
increased latency
regex
CVSS3
5.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
AI Score
7.2
Confidence
Low
EPSS
0.001
Percentile
17.0%
A flaw was found in the Envoy proxy. The regex expression is compiled for every request and can result in high CPU usage and increased request latency when multiple routes are configured with such matchers.
Related
osv
osv
BIT-envoy-2024-23323
2024-03-06 10:52:03
CVE-2024-23323
2024-02-09 23:15:08
cvelist
cvelist
nvd
nvd
CVE-2024-23323
2024-02-09 23:15:08
cve
cve
CVE-2024-23323
2024-02-09 23:15:08
vulnrichment
vulnrichment
veracode
veracode
Denial Of Service (DoS)
2024-02-12 06:55:32
prion
prion
Cross site request forgery (csrf)
2024-02-09 23:15:00
nessus
nessus
Amazon Linux 2 : ecs-service-connect-agent (ALASECS-2024-034)
2024-03-06 00:00:00
Amazon Linux 2023 : ecs-service-connect-agent (ALAS2023-2024-543)
2024-03-06 00:00:00
redos
redos
ROS-20240423-06
2024-04-23 00:00:00
CVSS3
5.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
AI Score
7.2
Confidence
Low
EPSS
0.001
Percentile
17.0%
Related for RH:CVE-2024-23323