Envoy Proxy Use After Free Vulnerability - CVE-2023-35943 - Vulnerability Database

Envoy Proxy Use After Free Vulnerability - CVE-2023-35943

High
Reference: CVE-2023-35943
Title: Envoy Proxy Use After Free Vulnerability
Overview:

Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.27.0 1.26.4 1.25.9 1.24.10 and 1.23.12 the CORS filter will segfault and crash Envoy when the origin header is removed and deleted between decodeHeadersand encodeHeaders. Versions 1.27.0 1.26.4 1.25.9 1.24.10 and 1.23.12 have a fix for this issue. As a workaround do not remove the origin header in the Envoy configuration.