nvd-json-data-feeds/CVE-2022/CVE-2022-236xx/CVE-2022-23606.json

{
  "id": "CVE-2022-23606",
  "sourceIdentifier": "security-advisories@github.com",
  "published": "2022-02-22T23:15:11.337",
  "lastModified": "2024-11-21T06:48:55.100",
  "vulnStatus": "Modified",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Envoy is an open source edge and service proxy, designed for cloud-native applications. When a cluster is deleted via Cluster Discovery Service (CDS) all idle connections established to endpoints in that cluster are disconnected. A recursion was introduced in the procedure of disconnecting idle connections that can lead to stack exhaustion and abnormal process termination when a cluster has a large number of idle connections. This infinite recursion causes Envoy to crash. Users are advised to upgrade."
    },
    {
      "lang": "es",
      "value": "Envoy es un proxy de borde y servicio de c\u00f3digo abierto, dise\u00f1ado para aplicaciones nativas de la nube. Cuando se elimina un cl\u00faster a trav\u00e9s del Servicio de Descubrimiento de Cl\u00fasteres (CDS), se desconectan todas las conexiones inactivas establecidas con los puntos finales de ese cl\u00faster. Se introdujo una recursi\u00f3n en el procedimiento de desconexi\u00f3n de las conexiones inactivas que puede llevar al agotamiento de la pila y a la terminaci\u00f3n anormal del proceso cuando un cl\u00faster tiene un gran n\u00famero de conexiones inactivas. Esta recursi\u00f3n infinita hace que Envoy se bloquee. Se aconseja a los usuarios que actualicen"
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "security-advisories@github.com",
        "type": "Secondary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H",
          "baseScore": 4.4,
          "baseSeverity": "MEDIUM",
          "attackVector": "NETWORK",
          "attackComplexity": "HIGH",
          "privilegesRequired": "HIGH",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "availabilityImpact": "HIGH"
        },
        "exploitabilityScore": 0.7,
        "impactScore": 3.6
      },
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "LOW",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "availabilityImpact": "HIGH"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6
      }
    ],
    "cvssMetricV2": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "2.0",
          "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
          "baseScore": 4.0,
          "accessVector": "NETWORK",
          "accessComplexity": "LOW",
          "authentication": "SINGLE",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "availabilityImpact": "PARTIAL"
        },
        "baseSeverity": "MEDIUM",
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "acInsufInfo": false,
        "obtainAllPrivilege": false,
        "obtainUserPrivilege": false,
        "obtainOtherPrivilege": false,
        "userInteractionRequired": false
      }
    ]
  },
  "weaknesses": [
    {
      "source": "security-advisories@github.com",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-674"
        }
      ]
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*",
              "versionStartIncluding": "1.20.0",
              "versionEndExcluding": "1.20.2",
              "matchCriteriaId": "F5441B2D-F807-4ED9-AFB9-ED4DE07CE5F8"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:envoyproxy:envoy:1.21.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E0F077C-1153-43C1-88E2-5E41FDE5C6E9"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://github.com/envoyproxy/envoy/commit/4b6dd3b53cd5c6d4d4df378a2fc62c1707522b31",
      "source": "security-advisories@github.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ]
    },
    {
      "url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-9vp2-4cp7-vvxf",
      "source": "security-advisories@github.com",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ]
    },
    {
      "url": "https://github.com/envoyproxy/envoy/commit/4b6dd3b53cd5c6d4d4df378a2fc62c1707522b31",
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ]
    },
    {
      "url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-9vp2-4cp7-vvxf",
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ]
    }
  ]
}