[Zero-Day] [Envoy] Upcoming security release of Envoy for a memory leak fix in nghttp2 codec

23 views

Skip to first unread message

unread,

Jul 12, 2023, 7:17:14 PM7/12/23

to envoy-secur...@googlegroups.com, envoy-a...@googlegroups.com, envoy-s...@googlegroups.com, envoy-ma...@googlegroups.com

Hello Envoy Community,

We are announcing a fix for a zero day related to a memory leak in the nghttp2 codec. Here is the CVE-2023-35945.

The patches can be seen here, we are working to publish releases for all supported branches soon. Will keep the community posted.

Thanks,
Boteng (on behalf of the Envoy security team and maintainers)

Reply all

Reply to author

Forward

0 new messages