istio.io/content/en/news/security/istio-security-2023-002/index.md

title: ISTIO-SECURITY-2023-002
subtitle: Security Bulletin
description: CVE reported by Envoy.
cves: CVE-2023-35945
cvss: 7.5
vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
releases: All releases prior to 1.16.0; 1.16.0 to 1.16.5; 1.17.0 to 1.17.3; 1.18.0
publishdate: 2023-07-14
keywords: CVE
skip_seealso: true

{{< security_bulletin >}}

CVE

Envoy CVEs

  • CVE-2023-35945: (CVSS Score 7.5, High): HTTP/2 memory leak in nghttp2 codec.

Am I Impacted?

You are impacted if you accept HTTP/2 traffic from untrusted sources, which applies to most users. This especially applies if you use a Gateway exposed on the public internet.