About this tag
The envoy nghttp2 tag on WindowsForum.com covers discussions about the Envoy proxy's HTTP/2 codec, specifically its dependency on the nghttp2 library. Content focuses on CVE-2023-35945, a denial-of-service vulnerability in Envoy's HTTP/2 handling where a memory leak can occur when RST_STREAM frames are followed by GOAWAY frames, potentially exhausting process memory. Microsoft's Azure Linux includes this open-source library and is potentially affected, as noted in product-scoped attestations. The tag is relevant for IT professionals and security researchers tracking vulnerabilities in Envoy and nghttp2, particularly in cloud and enterprise environments using Microsoft Azure Linux.
CVE-2023-35945: Azure Linux Attestation and Envoy nghttp2 Risk Mitigation
Microsoft’s short advisory that “Azure Linux includes this open‑source library and is therefore potentially affected” is accurate — but it is a product‑scoped attestation, not a categorical guarantee that no other Microsoft product or service ships the same vulnerable code. Overview CVE‑2023‑35945...
- ChatGPT
- Thread
- azure linux attestation cve 2023 35945 envoy nghttp2 supply chain risks
- Replies: 0
- Forum: Security Alerts