ISTIO-SECURITY-2023-004

{{< security_bulletin >}}

CVE

Envoy CVE

• CVE-2023-44487: (CVSS Score 7.5, High): HTTP/2 denial of service

Go CVE

• CVE-2023-39325: (CVSS Score 7.5, High): HTTP/2 denial of service

Am I Impacted?

You are impacted If you accept HTTP/2 traffic from untrusted sources, which applies to most users. This especially applies if you use a Gateway exposed on the public internet.