#VU81728 Resource exhaustion in envoy - CVE-2023-44487


| Updated: 2024-12-06

Vulnerability identifier: #VU81728

Vulnerability risk: High

CVSSv4.0: 6.9 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:A/U:Amber]

CVE-ID: CVE-2023-44487

CWE-ID: CWE-400

Exploitation vector: Network

Exploit availability: Yes

Vulnerable software:
envoy
Server applications / IDS/IPS systems, Firewalls and proxy servers

Vendor: Cloud Native Computing Foundation

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improperly control of consumption for internal resources when handling HTTP/2 requests with compressed HEADERS frames. A remote attacker can send a sequence of compressed HEADERS frames followed by RST_STREAM frames and perform a denial of service (DoS) attack, a.k.a. "Rapid Reset".

Note, the vulnerability is being actively exploited in the wild.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

envoy: 1.24.0 - 1.27.0

External links
https://github.com/envoyproxy/envoy/security/advisories/GHSA-jhv4-f7mr-xx76

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

Yes. This vulnerability is being exploited in the wild.


Latest bulletins with this vulnerability


Dell APEX Cloud Platform for Microsoft Azure update for third-party components
Ubuntu update for h2o
Ubuntu update for nodejs
Ubuntu update for trafficserver
Ubuntu update for tomcat8
Multiple vulnerabilities in IBM webMethods Managed File Transfer
Dell APEX Cloud Platform for Red Hat OpenShift update for third-party components
Multiple vulnerabilities in IBM Installation Manager and IBM Packaging Utility
Ubuntu update for tomcat9
IBM Storage Fusion Data Foundation update for RHEL UBI