In Cloud foundry routing release versions from 0.262.0 and prior to 0.266.0,a bug in the gorouter process can lead to a denial of service of applications hosted on Cloud Foundry. Under the right circumstances, when client connections are closed prematurely, gorouter marks the currently selected backend as failed and removes it from the routing pool.
References
Link | Resource |
---|---|
https://www.cloudfoundry.org/blog/cve-2023-20882-gorouter-pruning-via-client-disconnect-resulting-in-dos/ | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: vmware
Published: 2023-05-26T00:00:00
Updated: 2023-05-26T00:00:00
Reserved: 2022-11-01T00:00:00
Link: CVE-2023-20882
JSON object: View
NVD Information
Status : Analyzed
Published: 2023-05-26T17:15:13.897
Modified: 2023-06-02T01:16:41.457
Link: CVE-2023-20882
JSON object: View
Redhat Information
No data.