Home > Vulnerability Database > CVE-2023-35943

Mend.io Vulnerability Database

CVE-2023-35943

Date: July 25, 2023

Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.27.0, 1.26.4, 1.25.9, 1.24.10, and 1.23.12, the CORS filter will segfault and crash Envoy when the "origin" header is removed and deleted between "decodeHeaders"and "encodeHeaders". Versions 1.27.0, 1.26.4, 1.25.9, 1.24.10, and 1.23.12 have a fix for this issue. As a workaround, do not remove the "origin" header in the Envoy configuration.

Language: C++

Severity Score

6.3

Related Resources (3)

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-35943

Url: https://github.com/envoyproxy/envoy/security/advisories/GHSA-mc6h-6j9x-v3gq

Url: https://www.mend.io/vulnerability-database/CVE-2023-35943

Severity Score

6.3

Weakness Type (CWE)

Use After Free

CWE-416

CVSS v3.1

Base Score:	6.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	NONE
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2023-35943

Date: July 25, 2023

Language: C++

Severity Score

Related Resources (3)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?