Learn about CVE-2023-35943 affecting Envoy versions prior to 1.27.0, causing a segfault when the `origin` header is removed. Discover impact, mitigation steps, and preventive measures.
Envoy vulnerable to CORS filter segfault when origin header is removed.
Understanding CVE-2023-35943
Envoy is an open-source edge and service proxy for cloud-native applications. CVE-2023-35943 highlights a vulnerability where the CORS filter in Envoy may cause the application to crash if the `origin` header is removed under specific conditions.
What is CVE-2023-35943?
The CVE-2023-35943 vulnerability affects versions of Envoy prior to 1.27.0, 1.26.4, 1.25.9, 1.24.10, and 1.23.12. When the `origin` header is removed and deleted between `decodeHeaders` and `encodeHeaders`, the CORS filter can trigger a segfault, leading to the application crashing.
The Impact of CVE-2023-35943
This vulnerability has a CVSS v3.1 base score of 6.3, indicating a medium severity impact. Attackers can exploit this issue to disrupt the availability of affected systems, potentially leading to service interruptions.
Technical Details of CVE-2023-35943
The following details provide insights into the vulnerability, affected systems, and exploitation methods.
Vulnerability Description
In versions prior to 1.27.0, 1.26.4, 1.25.9, 1.24.10, and 1.23.12, the CORS filter crashes Envoy if the `origin` header is removed between `decodeHeaders` and `encodeHeaders`.
Affected Systems and Versions
Envoy versions < 1.27.0, < 1.26.4, < 1.25.9, < 1.24.10, and < 1.23.12 are vulnerable to this issue. Update to version 1.27.0, 1.26.4, 1.25.9, 1.24.10, or 1.23.12 to mitigate this vulnerability.
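The per-release-line thresholds above can be checked across an inventory of deployed proxies. The following Python is an added example, not code from the Envoy project or the advisory; the function names and the sample inventory are assumptions made for illustration.

```python
import re

# Fixed patch level per release line, taken from the version list above.
FIXED_PATCH = {(1, 23): 12, (1, 24): 10, (1, 25): 9, (1, 26): 4}
FIRST_FIXED_LINE = (1, 27)     # 1.27.0 and later carry the fix
OLDEST_PATCHED_LINE = (1, 23)  # lines older than this have no listed fix

# x.y.z, optionally prefixed with "v"; the look-arounds skip IPv4 addresses
# such as a registry host in "10.0.0.5:5000/envoy:v1.24.9".
_VERSION_RE = re.compile(r"(?<![\d.])v?(\d+)\.(\d+)\.(\d+)(?![\d.])")


def classify(version_text):
    """Return (status, upgrade_target) for a version string or image tag.

    status is 'vulnerable', 'fixed', or 'unknown' (no x.y.z found, e.g. 'latest').
    """
    m = _VERSION_RE.search(version_text)
    if not m:
        return ("unknown", None)
    major, minor, patch = map(int, m.groups())
    line = (major, minor)
    if line >= FIRST_FIXED_LINE:
        return ("fixed", None)
    if line < OLDEST_PATCHED_LINE:
        # No fixed release is listed for this line; the lowest listed fix is 1.23.12.
        return ("vulnerable", "1.23.12")
    fixed_patch = FIXED_PATCH[line]
    if patch >= fixed_patch:
        return ("fixed", None)
    return ("vulnerable", f"{major}.{minor}.{fixed_patch}")


def audit(inventory):
    """Classify every entry of {workload_name: image_or_version_string}."""
    return {name: classify(ref) for name, ref in inventory.items()}


# Constructed sample inventory (hypothetical workloads, not real deployments).
SAMPLE = {
    "edge-gateway": "envoyproxy/envoy:v1.26.3",
    "mesh-sidecar": "envoyproxy/envoy:v1.25.9",
    "legacy-proxy": "envoyproxy/envoy:v1.22.11",
    "canary": "envoyproxy/envoy:latest",
}

if __name__ == "__main__":
    for name, (status, target) in audit(SAMPLE).items():
        print(f"{name}: {status}" + (f" -> upgrade to {target}" if target else ""))
```

Entries reported as `unknown` carry a floating tag and need the running binary's version checked directly.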
Exploitation Mechanism
To exploit this vulnerability, attackers need to send crafted requests that trigger the conditions where the `origin` header is removed at specific stages of processing.
Mitigation and Prevention
Protect your systems from CVE-2023-35943 with the following strategies.
Immediate Steps to Take
`origin` header within the Envoy configuration to prevent triggering the vulnerability.
Long-Term Security Practices
Patching and Updates
Keep Envoy updated to the latest stable versions to ensure that your systems are protected against known vulnerabilities and security issues.