CVE-2023-35943
CVSS V2 None
CVSS V3 None
Description
Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.27.0, 1.26.4, 1.25.9, 1.24.10, and 1.23.12, the CORS filter will segfault and crash Envoy when the `origin` header is removed and deleted between `decodeHeaders`and `encodeHeaders`. Versions 1.27.0, 1.26.4, 1.25.9, 1.24.10, and 1.23.12 have a fix for this issue. As a workaround, do not remove the `origin` header in the Envoy configuration.
Overview
- CVE ID
- CVE-2023-35943
- Assigner
- GitHub_M
- Vulnerability Status
- PUBLISHED
- Published Version
- 2023-07-25T18:26:23.571Z
- Last Modified Date
- 2023-07-25T18:26:23.571Z
Weakness Enumerations
References
| Reference URL | Reference Tags |
|---|---|
| https://github.com/envoyproxy/envoy/security/advisories/GHSA-mc6h-6j9x-v3gq | x_refsource_CONFIRM |
Sources
| Source Name | Source URL |
|---|---|
| NIST | https://nvd.nist.gov/vuln/detail/CVE-2023-35943 |
| MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35943 |
History
| Created | Old Value | New Value | Data Type | Notes |
|---|---|---|---|---|
| 2024-06-25 19:39:05 | Added to TrackCVE |