Fedora Account System
Red Hat Associate
Red Hat Customer
Specifically crafter response from an untrusted upstream service can cause the denial of service through memory exhaustion. This is caused by Envoy’s HTTP/2 codec may leak a header map and bookkeeping structures upon receiving RST_STREAM immediately followed by the GOAWAY frames from an upstream server.
This issue has been addressed in the following products: Red Hat OpenShift Service Mesh 2.3 for RHEL 8 Via RHSA-2023:4624 https://access.redhat.com/errata/RHSA-2023:4624
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2023-35945
This issue has been addressed in the following products: Red Hat OpenShift Service Mesh 2.2 for RHEL 8 Via RHSA-2023:5175 https://access.redhat.com/errata/RHSA-2023:5175