Back to bug 2217983
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Guilherme de Almeida Suckevicz | 2023-06-27 18:40:17 UTC | CC | security-response-team | |
| Anten Skrabec | 2023-06-27 20:01:16 UTC | Fixed In Version | envoy 1.26.3, envoy 1.25.8, envoy 1.24.9, envoy 1.23.11 | |
| Anten Skrabec | 2023-06-27 20:03:02 UTC | Doc Text | A flaw was found in envoy where a specifically crafted response from an untrusted upstream service can cause the denial of service through memory exhaustion. This is caused by Envoy’s HTTP/2 codec may leak a header map and bookkeeping structures upon receiving RST_STREAM immediately followed by the GOAWAY frames from an upstream server. | |
| Anten Skrabec | 2023-06-27 20:04:58 UTC | Summary | EMBARGOED TRIAGE envoy: HTTP/2 memory leak in nghttp2 codec | EMBARGOED envoy: HTTP/2 memory leak in nghttp2 codec |
| Chess Hazlett | 2023-07-06 21:54:47 UTC | Alias | CVE-2023-35945 | |
| | | Summary | EMBARGOED envoy: HTTP/2 memory leak in nghttp2 codec | EMBARGOED CVE-2023-35945 envoy: HTTP/2 memory leak in nghttp2 codec |
| Red Hat Bugzilla | 2023-07-06 21:54:47 UTC | CC | security-response-team | |
| Red Hat Bugzilla | 2023-07-07 08:33:12 UTC | CC | security-response-team | |
| | | Assignee | security-response-team | nobody |
| RaTasha Tillery-Smith | 2023-07-07 12:32:02 UTC | Doc Text | A flaw was found in envoy where a specifically crafted response from an untrusted upstream service can cause the denial of service through memory exhaustion. This is caused by Envoy’s HTTP/2 codec may leak a header map and bookkeeping structures upon receiving RST_STREAM immediately followed by the GOAWAY frames from an upstream server. | A flaw was found in Envoy, where a specifically crafted response from an untrusted upstream service can cause a denial of service through memory exhaustion. This issue is caused by Envoy’s HTTP/2 codec, which may leak a header map and bookkeeping structures upon receiving RST_STREAM immediately, followed by the GOAWAY frames from an upstream server. |
| Anten Skrabec | 2023-07-11 22:34:41 UTC | Deadline | 2023-07-18 | 2023-07-25 |
| TEJ RATHI | 2023-07-13 04:55:28 UTC | CC | csutherl, jamacku, jclere, mturk, peholase, pjindal, plodge, szappis, zsvetlik | |
| TEJ RATHI | 2023-07-13 11:51:57 UTC | CC | jamacku, zsvetlik | |
| Anten Skrabec | 2023-07-13 18:20:29 UTC | Group | security, qe_staff | |
| | | Deadline | 2023-07-25 | |
| | | Summary | EMBARGOED CVE-2023-35945 envoy: HTTP/2 memory leak in nghttp2 codec | CVE-2023-35945 envoy: HTTP/2 memory leak in nghttp2 codec |
| Anten Skrabec | 2023-07-13 18:21:37 UTC | CC | jamacku, nodejs-maint, zsvetlik | |
| Anten Skrabec | 2023-07-13 18:22:45 UTC | CC | jamacku, nodejs-maint, zsvetlik | |
| errata-xmlrpc | 2023-08-11 16:48:20 UTC | Link ID | Red Hat Product Errata RHSA-2023:4624 | |
| Product Security DevOps Team | 2023-08-11 21:34:45 UTC | Status | NEW | CLOSED |
| | | Resolution | --- | ERRATA |
| | | Last Closed | 2023-08-11 21:34:45 UTC | |