PT-2022-16121 · Envoy · Envoy

Mattklein123 · Published 2022-02-22 · Updated 2024-03-06 · CVE-2022-23606

CVSS v3.1: 4.4 (Medium)
Vector: AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: Envoy (affected versions not specified)

Description: Envoy is an open source edge and service proxy, designed for cloud-native applications. When a cluster is deleted via Cluster Discovery Service (CDS), all idle connections established to endpoints in that cluster are disconnected. A recursion was introduced in the procedure of disconnecting idle connections that can lead to stack exhaustion and abnormal process termination when a cluster has a large number of idle connections. This infinite recursion causes Envoy to crash.

Recommendations: Users are advised to upgrade. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
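As an added illustration of the bug class the description names (a constructed Python model, not Envoy's code), the following drains an idle-connection list two ways: a re-entrant close callback that continues the drain, so stack nesting grows with the number of idle connections until the interpreter's recursion limit is hit, and an iterative loop that keeps nesting constant. All class and function names here are assumptions.

```python
class Connection:
    """Minimal stand-in for a proxy upstream connection (constructed model)."""
    def __init__(self, pool, cid):
        self.pool, self.cid, self.closed = pool, cid, False

    def close(self):
        # Teardown notifies the owning pool synchronously, as an event-driven
        # proxy does; any further work the callback starts nests on the stack.
        self.closed = True
        self.pool.depth += 1
        self.pool.max_depth = max(self.pool.max_depth, self.pool.depth)
        try:
            self.pool.on_connection_closed(self)
        finally:
            self.pool.depth -= 1

class RecursivePool:
    """Flawed drain: the close callback itself closes the next idle
    connection, so stack depth grows with the number of idle connections."""
    def __init__(self, n):
        self.idle = [Connection(self, i) for i in range(n)]
        self.draining, self.depth, self.max_depth = False, 0, 0

    def drain_idle(self):
        self.draining = True
        if self.idle:
            self.idle.pop().close()

    def on_connection_closed(self, conn):
        if self.draining and self.idle:
            self.idle.pop().close()  # re-entrant: one more frame per connection

class IterativePool(RecursivePool):
    """Fixed drain: a loop owns the progress; the callback only observes."""
    def drain_idle(self):
        self.draining = True
        while self.idle:
            self.idle.pop().close()

    def on_connection_closed(self, conn):
        pass  # bookkeeping only; never re-enters the drain

def drain(pool_cls, n):
    """Drain n idle connections; report outcome, leftovers and max nesting."""
    pool = pool_cls(n)
    try:
        pool.drain_idle()
    except RecursionError:
        return "stack_exhausted", len(pool.idle), pool.max_depth
    return "ok", len(pool.idle), pool.max_depth
```

With Python's default recursion limit, the re-entrant pool drains 100 connections at nesting depth 100 but fails with a RecursionError on 20000, whereas the iterative pool drains 20000 at depth 1; in a native process the same pattern exhausts the thread stack and aborts instead of raising.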

Weakness Enumeration

Uncontrolled Recursion

Related Identifiers

BIT-ENVOY-2022-23606
CVE-2022-23606
GHSA-9VP2-4CP7-VVXF
RHSA-2022:1275
RHSA-2022:1276

Affected Products

Envoy