Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS01cjVoLXE5MzQtY2NjcM4AA29C
Calico Typha denial of service vulnerability
In certain conditions for Calico Typha (v3.26.2, v3.25.1 and below), and Calico Enterprise Typha (v3.17.1, v3.16.3, v3.15.3 and below), a client TLS handshake can block the Calico Typha server indefinitely, resulting in denial of service. The TLS Handshake() call is performed inside the main server handle for loop without any timeout allowing an unclean TLS handshake to block the main loop indefinitely while other connections will be idle waiting for that handshake to finish.
Permalink: https://github.com/advisories/GHSA-5r5h-q934-cccpJSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS01cjVoLXE5MzQtY2NjcM4AA29C
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: about 1 year ago
Updated: about 1 year ago
CVSS Score: 7.5
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Percentage: 0.00077
EPSS Percentile: 0.34522
Identifiers: GHSA-5r5h-q934-cccp, CVE-2023-41378
References:
- https://nvd.nist.gov/vuln/detail/CVE-2023-41378
- https://github.com/projectcalico/calico/pull/7908
- https://github.com/projectcalico/calico/pull/7993
- https://www.tigera.io/security-bulletins-tta-2023-001/
- https://github.com/projectcalico/calico/commit/2ebc1f92ecc39332cf1d55ba676d9101af24982f
- https://github.com/projectcalico/calico/commit/ad8bd001e650ec7742ac30e58247e7eef5956125
- https://github.com/advisories/GHSA-5r5h-q934-cccp
Blast Radius: 6.3
Affected Packages
go:github.com/projectcalico/calico
Dependent packages: 5Dependent repositories: 7
Downloads:
Affected Version Ranges: <= 3.25.1, >= 3.26.0, < 3.26.3
Fixed in: , 3.26.3
All affected versions: 2.4.0, 2.4.1, 2.5.0, 2.5.1, 2.6.0, 2.6.1, 2.6.2, 2.6.3, 2.6.4, 2.6.5, 2.6.6, 2.6.7, 2.6.8, 2.6.9, 2.6.10, 2.6.11, 2.6.12, 3.0.0, 3.0.1, 3.0.2, 3.0.3, 3.0.4, 3.0.5, 3.0.6, 3.0.7, 3.0.8, 3.0.9, 3.0.10, 3.0.11, 3.0.12, 3.1.0, 3.1.1, 3.1.2, 3.1.3, 3.1.4, 3.1.5, 3.1.6, 3.1.7, 3.2.0, 3.2.1, 3.2.2, 3.2.3, 3.2.4, 3.2.5, 3.2.6, 3.2.7, 3.2.8, 3.3.0, 3.3.1, 3.3.2, 3.3.3, 3.3.4, 3.3.5, 3.3.6, 3.3.7, 3.4.0, 3.4.1, 3.4.2, 3.4.3, 3.4.4, 3.5.0, 3.5.1, 3.5.2, 3.5.3, 3.5.4, 3.5.5, 3.5.6, 3.5.7, 3.5.8, 3.6.0, 3.6.1, 3.6.2, 3.6.3, 3.6.4, 3.6.5, 3.7.0, 3.7.1, 3.7.2, 3.7.3, 3.7.4, 3.7.5, 3.8.0, 3.8.1, 3.8.2, 3.8.3, 3.8.4, 3.8.5, 3.8.6, 3.8.7, 3.8.8, 3.8.9, 3.9.0, 3.9.1, 3.9.2, 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.10.0, 3.10.1, 3.10.2, 3.10.3, 3.10.4, 3.11.0, 3.11.1, 3.11.2, 3.11.3, 3.12.0, 3.12.1, 3.12.2, 3.12.3, 3.13.0, 3.13.1, 3.13.3, 3.13.4, 3.14.0, 3.14.1, 3.15.0, 3.15.1, 3.15.2, 3.15.3, 3.15.4, 3.15.5, 3.16.0, 3.16.1, 3.16.2, 3.16.3, 3.16.4, 3.16.5, 3.16.6, 3.16.7, 3.16.8, 3.16.9, 3.16.10, 3.17.0, 3.17.1, 3.17.2, 3.17.3, 3.17.4, 3.17.5, 3.17.6, 3.18.0, 3.18.1, 3.18.2, 3.18.3, 3.18.4, 3.18.5, 3.18.6, 3.19.0, 3.19.1, 3.19.2, 3.19.3, 3.19.4, 3.20.0, 3.20.1, 3.20.2, 3.20.3, 3.21.0, 3.21.1
All unaffected versions: