mend-for-github-combot changed the title from "CVE-2023-35942 (Medium) detected in envoy1.12.0-alpha.1" to "CVE-2023-35942 (Medium) detected in envoy1.12.0-alpha.1 - autoclosed" on May 19, 2024
CVE-2023-35942 - Medium Severity Vulnerability
Vulnerable Library - envoy1.12.0-alpha.1
Fork of Envoy used for testing and tinkering as part of the Istio dev process
Library home page: https://github.com/istio/envoy.git
Found in base branch: main
Vulnerable Source Files (1)
Vulnerability Details
Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.27.0, 1.26.4, 1.25.9, 1.24.10, and 1.23.12, gRPC access loggers using listener's global scope can cause a use-after-free crash when the listener is drained. Versions 1.27.0, 1.26.4, 1.25.9, 1.24.10, and 1.23.12 have a fix for this issue. As a workaround, disable gRPC access log or stop listener update.
Publish Date: 2023-07-25
URL: CVE-2023-35942
CVSS 3 Score Details (6.5)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: GHSA-69vr-g55c-v2v4
Release Date: 2023-07-25
Fix Resolution: v1.23.12,v1.24.10,v1.25.9