ISTIO-SECURITY-2023-002

{{< security_bulletin >}}

CVE

Envoy CVEs

• CVE-2023-35945: (CVSS Score 7.5, High): HTTP/2 memory leak in nghttp2 codec.

Am I Impacted?

If you accept HTTP/2 traffic from untrusted sources, which applies to most users. This especially applies if you use a Gateway exposed on the public internet.