THREATINT
PUBLISHED

CVE-2023-41378

Calico Typha hangs during unclean TLS handshake

Assigner: Tigera
Reserved: 2023-08-29
Published: 2023-11-06
Updated: 2024-09-05

Description

In certain conditions for Calico Typha (v3.26.2, v3.25.1 and below), and Calico Enterprise Typha (v3.17.1, v3.16.3, v3.15.3 and below), a client TLS handshake can block the Calico Typha server indefinitely, resulting in denial of service. The TLS Handshake() call is performed inside the server's main connection-handling for loop without any timeout, allowing an unclean TLS handshake to block the main loop indefinitely while other connections sit idle waiting for that handshake to finish.
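The two loop shapes the description contrasts, side by side: a handshake performed inline in the accept loop with no timeout, and the same loop with each handshake moved into its own goroutine under a deadline. This is an added example written for this page; it is not Typha's code and not the change in the linked patch, and the accept loop, the function names and the in-memory self-signed certificate are all constructed for the demonstration. An "unclean" peer is simulated by a client that opens a TCP connection and never sends a ClientHello.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"time"
)

// selfSignedCert builds an in-memory cert for 127.0.0.1 and a pool that trusts it
// (constructed for this example; it is not Typha's certificate handling).
func selfSignedCert() (cert tls.Certificate, pool *x509.CertPool, err error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return cert, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: "example-typha"},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(time.Hour),
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
		IPAddresses:  []net.IP{net.ParseIP("127.0.0.1")},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return cert, nil, err
	}
	leaf, _ := x509.ParseCertificate(der) // DER produced just above always parses
	pool = x509.NewCertPool()
	pool.AddCert(leaf)
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key}, pool, nil
}

// serve is the accept loop. handshakeTimeout == 0 reproduces the vulnerable shape
// (Handshake() inline, no deadline); > 0 runs each handshake in a goroutine under a deadline.
func serve(ln net.Listener, cfg *tls.Config, handshakeTimeout time.Duration) {
	for {
		raw, err := ln.Accept()
		if err != nil {
			return // listener closed
		}
		tc := tls.Server(raw, cfg)
		if handshakeTimeout == 0 {
			_ = tc.Handshake() // blocks the whole loop until this peer speaks or hangs up
			tc.Close()
			continue
		}
		go func() {
			defer tc.Close()
			_ = tc.SetDeadline(time.Now().Add(handshakeTimeout))
			if err := tc.Handshake(); err != nil {
				return // slow or unclean peer is dropped; the loop was never blocked
			}
			_ = tc.SetDeadline(time.Time{}) // handshake done; normal I/O would follow here
		}()
	}
}

// GoodClientServedDuringStalledHandshake parks one silent TCP client on the server and
// reports whether a well-behaved TLS client still completes its handshake within wait.
func GoodClientServedDuringStalledHandshake(handshakeTimeout, wait time.Duration) (served bool, err error) {
	cert, pool, err := selfSignedCert()
	if err != nil {
		return false, err
	}
	ln, err := net.Listen("tcp", "127.0.0.1:0")
	if err != nil {
		return false, err
	}
	defer ln.Close()
	go serve(ln, &tls.Config{Certificates: []tls.Certificate{cert}, MinVersion: tls.VersionTLS12}, handshakeTimeout)
	stalled, err := net.Dial("tcp", ln.Addr().String()) // unclean peer: connect, then silence
	if err != nil {
		return false, err
	}
	defer stalled.Close()
	time.Sleep(100 * time.Millisecond) // make sure the server has Accept()ed it first
	good, err := tls.DialWithDialer(&net.Dialer{Timeout: wait}, "tcp", ln.Addr().String(),
		&tls.Config{RootCAs: pool, MinVersion: tls.VersionTLS12}) // timeout covers connect + handshake
	if err != nil {
		return false, nil // handshake never completed: the accept loop was blocked
	}
	good.Close()
	return true, nil
}

func main() {
	for _, timeout := range []time.Duration{0, 500 * time.Millisecond} {
		served, err := GoodClientServedDuringStalledHandshake(timeout, 2*time.Second)
		fmt.Printf("handshake timeout %v: good client served=%v err=%v\n", timeout, served, err)
	}
}
```

Run as written and the first line reports served=false once the dialer timeout expires, the second served=true: with the inline handshake the parked TCP connection owns the loop, while with a goroutine plus deadline the silent peer is dropped after 500 ms and every other client is served. The two halves of the hardened shape matter together: a deadline without the goroutine would still serialise handshakes behind the slowest peer, and a goroutine without a deadline would let an unclean peer hold a connection (and its goroutine) open indefinitely, which is the uncontrolled consumption of CWE-400; the deadline turns the unclean handshake into an ordinary error that the loop handles explicitly, the gap CWE-703 describes.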



HIGH: 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Problem types

CWE-400 Uncontrolled Resource Consumption

CWE-703 Improper Check or Handling of Exceptional Conditions

Product status

Default status

v3.26.0: affected
Any version: affected

Default status

v3.17.0: affected
v3.16.0: affected
Any version: affected

Credits

Rodrigo Fior Kuntzer (GitHub: rodrigorfk)

Anthony Tam

Behnam Shobiri

Shaun Crampton

Matt Dupre

References

https://www.tigera.io/security-bulletins-tta-2023-001/ (vendor-advisory, release-notes)

https://github.com/projectcalico/calico/pull/7908 (issue-tracking)

https://github.com/projectcalico/calico/pull/7993 (patch)

cve.org CVE-2023-41378

nvd.nist.gov CVE-2023-41378

https://cve.threatint.com/CVE/CVE-2023-41378