Veracode Vulnerability Database: VERACODE:44168
History: Nov 07, 2023 - 6:41 a.m.

Denial Of Service (DoS)

2023-11-07 06:41:08
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
Tags: denial of service, dos, github, calico, tls, handshake, timeout, vulnerability, main loop, application, software

CVSS3: 7.5 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score: 7.1 High (Confidence: High)

EPSS: 0.001 Low (Percentile: 21.4%)

github.com/projectcalico/calico is vulnerable to Denial of Service (DoS). The TLS Handshake() call is executed within the main server handle loop without any timeout mechanism, so an incomplete or unclean TLS handshake can block the main loop indefinitely. Other connections are then left idle, waiting for that handshake to complete, which can ultimately crash the application.
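
The general mitigation for this class of bug, as an added example (not Calico's code or its actual patch): the accept loop only accepts, and each handshake runs in its own goroutine under a deadline. The names handshakeWithDeadline, isTimeout and serve, and the results channel, are assumptions of this sketch.

```go
package main

import (
	"crypto/tls"
	"errors"
	"fmt"
	"net"
	"time"
)

// handshakeWithDeadline bounds the TLS handshake on one accepted connection,
// so a peer that stalls yields a timeout error after d instead of blocking.
func handshakeWithDeadline(raw net.Conn, cfg *tls.Config, d time.Duration) (*tls.Conn, error) {
	raw.SetDeadline(time.Now().Add(d))
	tc := tls.Server(raw, cfg)
	if err := tc.Handshake(); err != nil {
		return nil, err // caller closes raw
	}
	return tc, raw.SetDeadline(time.Time{}) // clear; handlers set their own deadlines
}

// isTimeout reports whether a handshake failed because its deadline expired.
func isTimeout(err error) bool {
	var ne net.Error
	return errors.As(err, &ne) && ne.Timeout()
}

// serve keeps the accept loop free: every handshake runs in its own goroutine.
// results (hypothetical, for observing outcomes) receives each handshake error.
func serve(ln net.Listener, cfg *tls.Config, d time.Duration, results chan<- error) {
	for {
		raw, err := ln.Accept()
		if err != nil {
			return // listener closed
		}
		go func() {
			defer raw.Close() // a real server would hand the *tls.Conn to its handler first
			_, err := handshakeWithDeadline(raw, cfg, d)
			results <- err
		}()
	}
}

func main() {
	srv, peer := net.Pipe() // constructed peer that never sends a ClientHello
	defer peer.Close()
	_, err := handshakeWithDeadline(srv, &tls.Config{}, time.Second)
	fmt.Println("timed out:", isTimeout(err))
}
```

Counting isTimeout results per source address gives a simple signal for peers that repeatedly open connections and never complete the handshake.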
