Lucene search
Redhat.comRH:CVE-2023-35942HistoryJul 26, 2023 - 4:47 p.m.
CVE-2023-35942
2023-07-2616:47:45
redhat.com
access.redhat.com
101
envoy
grpc
access log
use-after-free
flaw
cve-2023-35942
CVSS3
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
EPSS
0.001
Percentile
31.1%
A flaw was found in Envoy, where gRPC access loggers using the listener’s global scope can cause a use-after-free crash when the listener is drained. This issue can be triggered by a listener discovery service (LDS) update with the same gRPC access log configuration.
Related
cvelist
cvelist
CVE-2023-35942 Envoy's gRPC access log crash caused by the listener draining
2023-07-25 18:24:11
veracode
veracode
Denial Of Service (DoS)
2023-07-27 09:59:32
osv
osv
CVE-2023-35942
2023-07-25 19:15:11
BIT-envoy-2023-35942
2024-03-06 10:53:10
prion
prion
Design/Logic Flaw
2023-07-25 19:15:00
nvd
nvd
CVE-2023-35942
2023-07-25 19:15:11
cve
cve
CVE-2023-35942
2023-07-25 19:15:11
nessus
nessus
Oracle Linux 9 : istio (ELSA-2023-12771)
2023-09-18 00:00:00
Oracle Linux 8 : olcne (ELSA-2023-12772)
2023-09-11 00:00:00
Oracle Linux 8 : istio (ELSA-2023-12780)
2023-09-08 00:00:00
oraclelinux
oraclelinux
istio security update
2023-09-06 00:00:00
istio security update
2023-09-08 00:00:00
istio security update
2023-09-08 00:00:00
redhat
redhat
CVSS3
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
EPSS
0.001
Percentile
31.1%
Related for RH:CVE-2023-35942