Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2024-23323

Опубликовано: 09 фев. 2024
Источник: redhat
CVSS3: 5.3
EPSS Низкий

Описание

Envoy is a high-performance edge/middle/service proxy. The regex expression is compiled for every request and can result in high CPU usage and increased request latency when multiple routes are configured with such matchers. This issue has been addressed in released 1.29.1, 1.28.1, 1.27.3, and 1.26.7. Users are advised to upgrade. There are no known workarounds for this vulnerability.

A flaw was found in the Envoy proxy. The regex expression is compiled for every request and can result in high CPU usage and increased request latency when multiple routes are configured with such matchers.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
OpenShift Service Mesh 2openshift-service-mesh/proxyv2-rhel8Affected
OpenShift Service Mesh 2servicemesh-proxyAffected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-1176
https://bugzilla.redhat.com/show_bug.cgi?id=2259232envoy: Excessive CPU usage when URI template matcher is configured using regex

EPSS

Процентиль: 3%
0.00016
Низкий

5.3 Medium

CVSS3

Связанные уязвимости

nvd логотип

CVE-2024-23323

CVSS3: 4.3
nvd
почти 2 года назад

Envoy is a high-performance edge/middle/service proxy. The regex expression is compiled for every request and can result in high CPU usage and increased request latency when multiple routes are configured with such matchers. This issue has been addressed in released 1.29.1, 1.28.1, 1.27.3, and 1.26.7. Users are advised to upgrade. There are no known workarounds for this vulnerability.

debian логотип

CVE-2024-23323

CVSS3: 4.3
debian
почти 2 года назад

Envoy is a high-performance edge/middle/service proxy. The regex expre ...

fstec логотип

BDU:2024-03236

CVSS3: 6.5
fstec
почти 2 года назад

Уязвимость прокси-сервера Envoy, существующая из-за неконтролируемого потребления ресурсов, позволяющая нарушителю вызвать отказ в обслуживании

redos логотип

ROS-20240423-06

CVSS3: 7.5
redos
почти 2 года назад

Множественные уязвимости consul

EPSS

Процентиль: 3%
0.00016
Низкий

5.3 Medium

CVSS3