CVE-2023-41378

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published: Nov 6, 2023
Updated: Nov 14, 2023
CWE ID 755
CWE ID 400
CWE ID 703

Summary

CVE-2023-41378 is a denial-of-service vulnerability affecting Calico Typha versions 3.26.2 and below, as well as Calico Enterprise Typha versions 3.17.1, 3.16.3, and 3.15.3. In these versions, the server's main handle loop does not apply a timeout to the TLS handshake: the Handshake() call is made within that loop with no deadline, so a client that opens a connection and then stalls or misbehaves during the handshake can block the server indefinitely. While the loop is blocked, no new connections are accepted, and the disruption persists until the stalled client goes away, because nothing on the server side bounds how long an unclean handshake may take.
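The mitigation pattern for this class of bug is to bound the handshake with a deadline before calling Handshake(), so a stalled client produces a timeout error instead of holding the accept loop. The following Go program is an added illustration of that pattern, not Typha's code or the project's actual fix: it generates a throwaway self-signed certificate, starts a listener on loopback, connects a client that never sends a ClientHello, and shows that the server's handshake returns a timeout after the configured deadline rather than blocking. The names handshakeWithTimeout, ServeStalledClient and selfSignedConfig are assumptions made for this example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"net"
	"time"
)

// selfSignedConfig builds a throwaway server TLS config for the demonstration
// (constructed here; a real server loads its own certificate and key).
func selfSignedConfig() (*tls.Config, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: "handshake-timeout-example"},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(time.Hour),
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	cert := tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key}
	return &tls.Config{Certificates: []tls.Certificate{cert}}, nil
}

// handshakeWithTimeout wraps an accepted connection in TLS and bounds the
// handshake with a deadline. The vulnerable shape of this code is the same
// call without SetDeadline: Handshake() then waits forever for a client that
// never finishes. With the deadline, a stalled client yields a timeout error
// and the connection is closed, so the caller's accept loop keeps moving.
func handshakeWithTimeout(raw net.Conn, cfg *tls.Config, timeout time.Duration) (*tls.Conn, error) {
	tlsConn := tls.Server(raw, cfg)
	if err := tlsConn.SetDeadline(time.Now().Add(timeout)); err != nil {
		raw.Close()
		return nil, err
	}
	if err := tlsConn.Handshake(); err != nil {
		tlsConn.Close()
		return nil, err
	}
	// Handshake done: clear the deadline; per-request I/O deadlines are a separate concern.
	if err := tlsConn.SetDeadline(time.Time{}); err != nil {
		tlsConn.Close()
		return nil, err
	}
	return tlsConn, nil
}

// ServeStalledClient runs the demonstration: a server goroutine accepts one
// connection and attempts a bounded handshake, while the client side opens
// the TCP connection and deliberately never sends a ClientHello. It reports
// whether the server saw a timeout and how long the server side was blocked.
func ServeStalledClient(timeout time.Duration) (timedOut bool, elapsed time.Duration, err error) {
	cfg, err := selfSignedConfig()
	if err != nil {
		return false, 0, err
	}
	ln, err := net.Listen("tcp", "127.0.0.1:0")
	if err != nil {
		return false, 0, err
	}
	defer ln.Close()

	type result struct {
		err     error
		elapsed time.Duration
	}
	done := make(chan result, 1)
	go func() {
		raw, err := ln.Accept()
		if err != nil {
			done <- result{err: err}
			return
		}
		start := time.Now()
		conn, err := handshakeWithTimeout(raw, cfg, timeout)
		if conn != nil {
			conn.Close()
		}
		done <- result{err: err, elapsed: time.Since(start)}
	}()

	// Stalled client: TCP connects, then sends nothing at all.
	client, err := net.Dial("tcp", ln.Addr().String())
	if err != nil {
		return false, 0, err
	}
	defer client.Close()

	r := <-done
	var netErr net.Error
	timedOut = errors.As(r.err, &netErr) && netErr.Timeout()
	return timedOut, r.elapsed, nil
}

func main() {
	timedOut, elapsed, err := ServeStalledClient(500 * time.Millisecond)
	if err != nil {
		fmt.Println("setup error:", err)
		return
	}
	fmt.Printf("handshake timed out: %v (server blocked for %v)\n", timedOut, elapsed.Round(time.Millisecond))
}
```

Running the program prints that the handshake timed out after roughly the configured half second. In a real server the bounded handshake would still be done on a per-connection goroutine so that even a slow-but-legitimate client does not delay the next Accept; the deadline is what guarantees that a client which never completes the handshake cannot pin a goroutine and its connection forever.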
