Description

Envoy is an open source edge and service proxy, designed for cloud-native applications. When a cluster is deleted via Cluster Discovery Service (CDS) all idle connections established to endpoints in that cluster are disconnected. A recursion was introduced in the procedure of disconnecting idle connections that can lead to stack exhaustion and abnormal process termination when a cluster has a large number of idle connections. This infinite recursion causes Envoy to crash. Users are advised to upgrade.

Remediation

References

CVE-2022-23606

Related Vulnerabilities

MySQL CVE-2017-3633 Vulnerability (CVE-2017-3633)

WordPress Plugin Post Pay Counter PHP Object Injection (2.730)

Apache HTTP Server NULL Pointer Dereference Vulnerability (CVE-2021-26690)

WordPress Plugin IgnitionDeck Security Bypass (1.1.6)

Jboss EAP Deserialization of Untrusted Data Vulnerability (CVE-2019-16942)

Severity

Medium

Classification

CVE-2022-23606 CWE-674 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Tags

Missing Update Known Vulnerabilities