CVE-2023-35942

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Published Jul 25, 2023

Updated: Aug 2, 2023

CWE ID 416

Summary

CVE-2023-35942 affects versions prior to 1.27.0, 1.26.4, 1.25.9, 1.24.10, and 1.23.12 of Envoy, an open source edge and service proxy for cloud-native applications. The vulnerability involves use-after-free crashes in gRPC access loggers due to the listener's global scope. The issue is resolved in the aforementioned versions, but as a temporary solution, users can disable gRPC access logs or stop listener updates.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Envoyproxy Envoy

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/sHQ-cq
https://www.cve.org/CVERecord?id=CVE-2023-35942
https://nvd.nist.gov/vuln/detail/CVE-2023-35942

Back to Vulnerability Database

CVE-2023-35942

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Summary

Affected Products

Advisories, Assessments, and Mitigations