CVE-2023-41378

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2023-41378

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-41378.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2023-41378

Aliases

GHSA-5r5h-q934-cccp

Related

Withdrawn

2024-05-15T05:32:14.250208Z

Published

2023-11-06T16:15:42Z

Modified

2023-11-14T17:48:01Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

In certain conditions for Calico Typha (v3.26.2, v3.25.1 and below), and Calico Enterprise Typha (v3.17.1, v3.16.3, v3.15.3 and below), a client TLS handshake can block the Calico Typha server indefinitely, resulting in denial of service. The TLS Handshake() call is performed inside the main server handle for loop without any timeout allowing an unclean TLS handshake to block the main loop indefinitely while other connections will be idle waiting for that handshake to finish.

References

Affected packages

Git / github.com/projectcalico/calico

Affected ranges

Type: GIT
Repo: https://github.com/projectcalico/calico
Events: Introduced

2e0037d80aa84c7caedcb7ddd5e90a3003a2d9d6

Fixed

663591f0e46ce8d242a7e5a19f14a139143a2f39

Introduced

3c3aa6d8c30d22aee4bb1b2aa3cdefbd99a66857

Introduced

1bd249b2684d25429bd2e00c964d1daa994ae901