Back to bug 2217987
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Guilherme de Almeida Suckevicz | 2023-06-27 18:48:44 UTC | CC | security-response-team | |
| Anten Skrabec | 2023-06-27 20:06:55 UTC | Doc Text | A flaw was found in envoy where if an origin header is configured to be removed with request_headers_to_remove: origin, CORS filter will segfault and crash Envoy when the origin header is removed and deleted between decodeHeaders and encodeHeaders. | |
| Anten Skrabec | 2023-06-27 20:07:05 UTC | Summary | EMBARGOED TRIAGE envoy: CORS filter segfault when origin header is removed | EMBARGOED envoy: CORS filter segfault when origin header is removed |
| Chess Hazlett | 2023-07-06 21:55:56 UTC | Summary | EMBARGOED envoy: CORS filter segfault when origin header is removed | EMBARGOED CVE-2023-35943 envoy: CORS filter segfault when origin header is removed |
| Alias | CVE-2023-35943 | |||
| Red Hat Bugzilla | 2023-07-06 21:55:56 UTC | CC | security-response-team | |
| Red Hat Bugzilla | 2023-07-07 08:31:29 UTC | Assignee | security-response-team | nobody |
| CC | security-response-team | |||
| RaTasha Tillery-Smith | 2023-07-07 12:36:39 UTC | Doc Text | A flaw was found in envoy where if an origin header is configured to be removed with request_headers_to_remove: origin, CORS filter will segfault and crash Envoy when the origin header is removed and deleted between decodeHeaders and encodeHeaders. | A flaw was found in Envoy. Suppose an origin header is configured to be removed with request_headers_to_remove: origin. The CORS filter will segfault and crash Envoy when the origin header is removed and deleted between decodeHeaders and encodeHeaders. |
| Anten Skrabec | 2023-07-11 22:34:36 UTC | Deadline | 2023-07-18 | 2023-07-25 |
| Anten Skrabec | 2023-07-26 16:34:39 UTC | Summary | EMBARGOED CVE-2023-35943 envoy: CORS filter segfault when origin header is removed | CVE-2023-35943 envoy: CORS filter segfault when origin header is removed |
| Deadline | 2023-07-25 | |||
| Group | qe_staff, security | |||
| errata-xmlrpc | 2023-08-11 16:48:20 UTC | Link ID | Red Hat Product Errata RHSA-2023:4624 | |
| errata-xmlrpc | 2023-08-11 16:49:04 UTC | Link ID | Red Hat Product Errata RHSA-2023:4625 | |
| Product Security DevOps Team | 2023-08-11 21:36:45 UTC | Status | NEW | CLOSED |
| Resolution | --- | ERRATA | ||
| Last Closed | 2023-08-11 21:36:45 UTC |
Back to bug 2217987