Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[bp/1.25] CVE/http: Fix memory leak in nghttp2 codec #28370

Merged
merged 1 commit into from
Jul 13, 2023
Merged

[bp/1.25] CVE/http: Fix memory leak in nghttp2 codec #28370

merged 1 commit into from
Jul 13, 2023

Conversation

phlax
Copy link
Member

@phlax phlax commented Jul 12, 2023

Fix memory leak in nghttp2 when it processes pending requests after receiving the GOAWAY frame.

Fix GHSA-jfxv-29pc-x22r

Commit Message:
Additional Description:
Risk Level:
Testing:
Docs Changes:
Release Notes:
Platform Specific Features:
[Optional Runtime guard:]
[Optional Fixes #Issue]
[Optional Fixes commit #PR or SHA]
[Optional Deprecated:]
[Optional API Considerations:]

@repokitteh-read-only repokitteh-read-only bot added the deps Approval required for changes to Envoy's external dependencies label Jul 12, 2023
@repokitteh-read-only
Copy link

CC @envoyproxy/dependency-shepherds: Your approval is needed for changes made to (bazel/.*repos.*\.bzl)|(bazel/dependency_imports\.bzl)|(api/bazel/.*\.bzl)|(.*/requirements\.txt)|(.*\.patch).
envoyproxy/dependency-shepherds assignee is @moderation

🐱

Caused by: #28370 was opened by phlax.

see: more, trace.

@repokitteh-read-only repokitteh-read-only bot removed the deps Approval required for changes to Envoy's external dependencies label Jul 12, 2023
@moderation
Copy link
Contributor

/lgtm deps

@yanavlasov @phlax
http: Fix memory leak in nghttp2 codec
1ce24b0 
Fix memory leak in nghttp2 when it processes pending requests after
receiving the GOAWAY frame.

Signed-off-by: Yan Avlasov <yavlasov@google.com>
Signed-off-by: Ryan Northey <ryan@synca.io>
@phlax phlax added this to the 1.25.8 milestone Jul 13, 2023
@phlax phlax merged commit 894be19 into envoyproxy:release/v1.25 Jul 13, 2023
71 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@RyanTheOptimist RyanTheOptimist RyanTheOptimist left review comments

Assignees

@moderation moderation

Labels
None yet
Projects
None yet
Milestone
1.25.8
Development

Successfully merging this pull request may close these issues.
4 participants
@phlax @moderation @RyanTheOptimist @yanavlasov