diff options
| author | Yogita Urade <yogita.urade@windriver.com> | 2023-09-05 05:03:46 +0000 |
|---|---|---|
| committer | Steve Sakoman <steve@sakoman.com> | 2023-09-13 06:21:25 -1000 |
| commit | 1dc70a8da594fa32119578b6ef81f100b8828e51 (patch) | |
| tree | cf03e75c6d8aa101111562fe7de99336876f7e12 /documentation/set_versions.py | |
| parent | 643cbec1d9c347c99ddea916bd48c33ce65e5137 (diff) | |
| download | poky-1dc70a8da594fa32119578b6ef81f100b8828e51.tar.gz | |
nghttp2: fix CVE-2023-35945
Envoy is a cloud-native high-performance edge/middle/service
proxy. Envoy’s HTTP/2 codec may leak a header map and
bookkeeping structures upon receiving `RST_STREAM` immediately
followed by the `GOAWAY` frames from an upstream server. In
nghttp2, cleanup of pending requests due to receipt of the
`GOAWAY` frame skips de-allocation of the bookkeeping structure
and pending compressed header. The error return [code path] is
taken if connection is already marked for not sending more
requests due to `GOAWAY` frame. The clean-up code is right after
the return statement, causing memory leak. Denial of service
through memory exhaustion. This vulnerability was patched in
versions(s) 1.26.3, 1.25.8, 1.24.9, 1.23.11.
References:
https://nvd.nist.gov/vuln/detail/CVE-2023-35945
https://github.com/envoyproxy/envoy/security/advisories/GHSA-jfxv-29pc-x22r
(From OE-Core rev: 18277a43f7fd6522a67f194f40595bc378468733)
Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Diffstat (limited to 'documentation/set_versions.py')
0 files changed, 0 insertions, 0 deletions