ISTIO-SECURITY-2023-002
CVE reported by Envoy.
Disclosure Details | |
---|---|
CVE(s) | CVE-2023-35945 |
CVSS Impact Score | 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
Affected Releases | All releases prior to 1.16.0; 1.16.0 to 1.16.5; 1.17.0 to 1.17.3; 1.18.0 |
CVE
Envoy CVEs
- CVE-2023-35945 (CVSS Score 7.5, High): HTTP/2 memory leak in the `nghttp2` codec.
Am I Impacted?
You are impacted if you accept HTTP/2 traffic from untrusted sources, which applies to most users. This especially applies if you use a Gateway exposed on the public internet.