Search for vulnerabilities
Vulnerability details: VCID-bktx-3fbw-aaag
Vulnerability ID VCID-bktx-3fbw-aaag
Aliases CVE-2023-35945
Summary Envoy is a cloud-native high-performance edge/middle/service proxy. Envoy’s HTTP/2 codec may leak a header map and bookkeeping structures upon receiving `RST_STREAM` immediately followed by the `GOAWAY` frames from an upstream server. In nghttp2, cleanup of pending requests due to receipt of the `GOAWAY` frame skips de-allocation of the bookkeeping structure and pending compressed header. The error return [code path] is taken if connection is already marked for not sending more requests due to `GOAWAY` frame. The clean-up code is right after the return statement, causing memory leak. Denial of service through memory exhaustion. This vulnerability was patched in versions(s) 1.26.3, 1.25.8, 1.24.9, 1.23.11.
Status Published
Exploitability 0.5
Weighted Severity 6.8
Risk 3.4
Affected and Fixed Packages Package Details
Weaknesses (2)
CWE-459 Incomplete Cleanup
CWE-400 Uncontrolled Resource Consumption
System Score Found at
cvssv3 7.5 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-35945.json
epss 0.00073 https://api.first.org/data/v1/epss?cve=CVE-2023-35945
epss 0.00073 https://api.first.org/data/v1/epss?cve=CVE-2023-35945
epss 0.00073 https://api.first.org/data/v1/epss?cve=CVE-2023-35945
epss 0.00073 https://api.first.org/data/v1/epss?cve=CVE-2023-35945
epss 0.00073 https://api.first.org/data/v1/epss?cve=CVE-2023-35945
epss 0.00073 https://api.first.org/data/v1/epss?cve=CVE-2023-35945
epss 0.00073 https://api.first.org/data/v1/epss?cve=CVE-2023-35945
epss 0.00073 https://api.first.org/data/v1/epss?cve=CVE-2023-35945
epss 0.00073 https://api.first.org/data/v1/epss?cve=CVE-2023-35945
epss 0.00073 https://api.first.org/data/v1/epss?cve=CVE-2023-35945
epss 0.00073 https://api.first.org/data/v1/epss?cve=CVE-2023-35945
epss 0.00073 https://api.first.org/data/v1/epss?cve=CVE-2023-35945
epss 0.00073 https://api.first.org/data/v1/epss?cve=CVE-2023-35945
epss 0.00073 https://api.first.org/data/v1/epss?cve=CVE-2023-35945
epss 0.00073 https://api.first.org/data/v1/epss?cve=CVE-2023-35945
epss 0.00073 https://api.first.org/data/v1/epss?cve=CVE-2023-35945
epss 0.00073 https://api.first.org/data/v1/epss?cve=CVE-2023-35945
epss 0.00073 https://api.first.org/data/v1/epss?cve=CVE-2023-35945
epss 0.00073 https://api.first.org/data/v1/epss?cve=CVE-2023-35945
epss 0.00073 https://api.first.org/data/v1/epss?cve=CVE-2023-35945
epss 0.00073 https://api.first.org/data/v1/epss?cve=CVE-2023-35945
epss 0.00073 https://api.first.org/data/v1/epss?cve=CVE-2023-35945
epss 0.00073 https://api.first.org/data/v1/epss?cve=CVE-2023-35945
epss 0.00073 https://api.first.org/data/v1/epss?cve=CVE-2023-35945
epss 0.00073 https://api.first.org/data/v1/epss?cve=CVE-2023-35945
epss 0.00073 https://api.first.org/data/v1/epss?cve=CVE-2023-35945
epss 0.00073 https://api.first.org/data/v1/epss?cve=CVE-2023-35945
epss 0.00073 https://api.first.org/data/v1/epss?cve=CVE-2023-35945
epss 0.00073 https://api.first.org/data/v1/epss?cve=CVE-2023-35945
epss 0.00073 https://api.first.org/data/v1/epss?cve=CVE-2023-35945
epss 0.00073 https://api.first.org/data/v1/epss?cve=CVE-2023-35945
epss 0.00073 https://api.first.org/data/v1/epss?cve=CVE-2023-35945
epss 0.00073 https://api.first.org/data/v1/epss?cve=CVE-2023-35945
epss 0.00073 https://api.first.org/data/v1/epss?cve=CVE-2023-35945
epss 0.00073 https://api.first.org/data/v1/epss?cve=CVE-2023-35945
epss 0.00073 https://api.first.org/data/v1/epss?cve=CVE-2023-35945
epss 0.00073 https://api.first.org/data/v1/epss?cve=CVE-2023-35945
epss 0.00073 https://api.first.org/data/v1/epss?cve=CVE-2023-35945
epss 0.00073 https://api.first.org/data/v1/epss?cve=CVE-2023-35945
epss 0.00073 https://api.first.org/data/v1/epss?cve=CVE-2023-35945
epss 0.00073 https://api.first.org/data/v1/epss?cve=CVE-2023-35945
epss 0.00073 https://api.first.org/data/v1/epss?cve=CVE-2023-35945
epss 0.00073 https://api.first.org/data/v1/epss?cve=CVE-2023-35945
epss 0.00073 https://api.first.org/data/v1/epss?cve=CVE-2023-35945
epss 0.00073 https://api.first.org/data/v1/epss?cve=CVE-2023-35945
epss 0.00073 https://api.first.org/data/v1/epss?cve=CVE-2023-35945
epss 0.00073 https://api.first.org/data/v1/epss?cve=CVE-2023-35945
epss 0.00073 https://api.first.org/data/v1/epss?cve=CVE-2023-35945
epss 0.00073 https://api.first.org/data/v1/epss?cve=CVE-2023-35945
epss 0.00073 https://api.first.org/data/v1/epss?cve=CVE-2023-35945
epss 0.00073 https://api.first.org/data/v1/epss?cve=CVE-2023-35945
epss 0.00073 https://api.first.org/data/v1/epss?cve=CVE-2023-35945
epss 0.00073 https://api.first.org/data/v1/epss?cve=CVE-2023-35945
epss 0.00075 https://api.first.org/data/v1/epss?cve=CVE-2023-35945
epss 0.00075 https://api.first.org/data/v1/epss?cve=CVE-2023-35945
epss 0.00075 https://api.first.org/data/v1/epss?cve=CVE-2023-35945
epss 0.00075 https://api.first.org/data/v1/epss?cve=CVE-2023-35945
epss 0.00075 https://api.first.org/data/v1/epss?cve=CVE-2023-35945
epss 0.00075 https://api.first.org/data/v1/epss?cve=CVE-2023-35945
epss 0.00075 https://api.first.org/data/v1/epss?cve=CVE-2023-35945
epss 0.00075 https://api.first.org/data/v1/epss?cve=CVE-2023-35945
epss 0.00075 https://api.first.org/data/v1/epss?cve=CVE-2023-35945
epss 0.00075 https://api.first.org/data/v1/epss?cve=CVE-2023-35945
epss 0.00079 https://api.first.org/data/v1/epss?cve=CVE-2023-35945
epss 0.00088 https://api.first.org/data/v1/epss?cve=CVE-2023-35945
epss 0.00088 https://api.first.org/data/v1/epss?cve=CVE-2023-35945
epss 0.00088 https://api.first.org/data/v1/epss?cve=CVE-2023-35945
epss 0.00088 https://api.first.org/data/v1/epss?cve=CVE-2023-35945
epss 0.00088 https://api.first.org/data/v1/epss?cve=CVE-2023-35945
epss 0.00088 https://api.first.org/data/v1/epss?cve=CVE-2023-35945
epss 0.00088 https://api.first.org/data/v1/epss?cve=CVE-2023-35945
epss 0.00088 https://api.first.org/data/v1/epss?cve=CVE-2023-35945
epss 0.00088 https://api.first.org/data/v1/epss?cve=CVE-2023-35945
epss 0.00088 https://api.first.org/data/v1/epss?cve=CVE-2023-35945
epss 0.00088 https://api.first.org/data/v1/epss?cve=CVE-2023-35945
epss 0.00088 https://api.first.org/data/v1/epss?cve=CVE-2023-35945
epss 0.00088 https://api.first.org/data/v1/epss?cve=CVE-2023-35945
epss 0.00088 https://api.first.org/data/v1/epss?cve=CVE-2023-35945
epss 0.00097 https://api.first.org/data/v1/epss?cve=CVE-2023-35945
epss 0.00097 https://api.first.org/data/v1/epss?cve=CVE-2023-35945
epss 0.00303 https://api.first.org/data/v1/epss?cve=CVE-2023-35945
cvssv3.1 7.5 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3 7.5 https://nvd.nist.gov/vuln/detail/CVE-2023-35945
cvssv3.1 7.5 https://nvd.nist.gov/vuln/detail/CVE-2023-35945
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-35945.json
https://api.first.org/data/v1/epss?cve=CVE-2023-35945
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://github.com/envoyproxy/envoy/security/advisories/GHSA-jfxv-29pc-x22r
https://github.com/nghttp2/nghttp2/blob/e7f59406556c80904b81b593d38508591bb7523a/lib/nghttp2_session.c#L3346
2217983 https://bugzilla.redhat.com/show_bug.cgi?id=2217983
cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*
cpe:2.3:a:nghttp2:nghttp2:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nghttp2:nghttp2:*:*:*:*:*:*:*:*
CVE-2023-35945 https://nvd.nist.gov/vuln/detail/CVE-2023-35945
ISTIO-SECURITY-2023-002 https://istio.io/latest/news/security/ISTIO-SECURITY-2023-002/
RHSA-2023:4624 https://access.redhat.com/errata/RHSA-2023:4624
RHSA-2023:4625 https://access.redhat.com/errata/RHSA-2023:4625
RHSA-2023:5175 https://access.redhat.com/errata/RHSA-2023:5175
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-35945.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2023-35945
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2023-35945
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.19319
EPSS Score 0.00073
Published At March 28, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
There are no relevant records.