Back to bug 2217978
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Guilherme de Almeida Suckevicz | 2023-06-27 18:27:54 UTC | CC | security-response-team | |
| Anten Skrabec | 2023-06-27 19:46:31 UTC | Fixed In Version | envoy 1.26.3, envoy 1.25.8, envoy 1.24.9, envoy 1.23.11 | |
| Anten Skrabec | 2023-06-27 19:46:58 UTC | Doc Text | A flaw was found in envoy where gRPC access loggers using the listener's global scope can cause a use-after-free crash when the listener is drained. This can be triggered by LDS update with same gRPC access log configuration. | |
| Anten Skrabec | 2023-06-27 20:05:07 UTC | Summary | EMBARGOED TRIAGE envoy: gRPC access log crash caused by the listener draining | EMBARGOED envoy: gRPC access log crash caused by the listener draining |
| Chess Hazlett | 2023-07-06 21:54:31 UTC | Summary | EMBARGOED envoy: gRPC access log crash caused by the listener draining | EMBARGOED CVE-2023-35942 envoy: gRPC access log crash caused by the listener draining |
| Chess Hazlett | 2023-07-06 21:54:31 UTC | Alias | CVE-2023-35942 | |
| Red Hat Bugzilla | 2023-07-06 21:54:31 UTC | CC | security-response-team | |
| Red Hat Bugzilla | 2023-07-07 08:31:39 UTC | CC | security-response-team | |
| Red Hat Bugzilla | 2023-07-07 08:31:39 UTC | Assignee | security-response-team | nobody |
| RaTasha Tillery-Smith | 2023-07-07 12:29:59 UTC | Doc Text | A flaw was found in envoy where gRPC access loggers using the listener's global scope can cause a use-after-free crash when the listener is drained. This can be triggered by LDS update with same gRPC access log configuration. | A flaw was found in envoy where gRPC access loggers using the listener's global scope can cause a use-after-free crash when the listener is drained. This issue can be triggered by a listener discovery service (LDS) update with the same gRPC access log configuration. |
| RaTasha Tillery-Smith | 2023-07-07 12:32:54 UTC | Doc Text | A flaw was found in envoy where gRPC access loggers using the listener's global scope can cause a use-after-free crash when the listener is drained. This issue can be triggered by a listener discovery service (LDS) update with the same gRPC access log configuration. | A flaw was found in Envoy, where gRPC access loggers using the listener's global scope can cause a use-after-free crash when the listener is drained. This issue can be triggered by a listener discovery service (LDS) update with the same gRPC access log configuration. |
| Anten Skrabec | 2023-07-11 22:34:43 UTC | Deadline | 2023-07-18 | 2023-07-25 |
| Anten Skrabec | 2023-07-26 16:34:25 UTC | Group | qe_staff, security | |
| Anten Skrabec | 2023-07-26 16:34:25 UTC | Summary | EMBARGOED CVE-2023-35942 envoy: gRPC access log crash caused by the listener draining | CVE-2023-35942 envoy: gRPC access log crash caused by the listener draining |
| Anten Skrabec | 2023-07-26 16:34:25 UTC | Deadline | 2023-07-25 | |
| errata-xmlrpc | 2023-08-11 16:48:18 UTC | Link ID | Red Hat Product Errata RHSA-2023:4624 | |
| Product Security DevOps Team | 2023-08-11 21:33:45 UTC | Resolution | --- | ERRATA |
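| Product Security DevOps Team | 2023-08-11 21:33:45 UTC | Status | NEW | CLOSED |
| Product Security DevOps Team | 2023-08-11 21:33:45 UTC | Last Closed | 2023-08-11 21:33:45 UTC | |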