CVE-2022-23606

Source
https://nvd.nist.gov/vuln/detail/CVE-2022-23606
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-23606.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2022-23606
Aliases
Downstream
Published
2022-02-22T22:20:13Z
Modified
2025-10-08T05:13:02.258647Z
Severity
  • 4.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
Summary
Crash when a cluster is deleted in Envoy
Details

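Envoy is an open-source edge and service proxy designed for cloud-native applications. When a cluster is deleted via the Cluster Discovery Service (CDS), all idle connections established to endpoints in that cluster are disconnected. A recursion was introduced in the procedure that disconnects idle connections; when a cluster has a large number of idle connections, it can lead to stack exhaustion and abnormal process termination. This unbounded recursion causes Envoy to crash. Users are advised to upgrade. This record names no fixed release; the signatures under "Database specific" cite upstream commits af50070ee60866874b0a9383daf9364e884ded22 and 4aaf9593152c6996b9da384c8918e9ad4f0abd4d, which presumably carry the fix, so verify that the build you deploy includes both.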

References

Affected packages

Git / github.com/envoyproxy/envoy

Affected ranges

Type
GIT
Repo
https://github.com/envoyproxy/envoy
Events
Type
GIT
Repo
https://github.com/envoyproxy/envoy
Events

Affected versions

v1.*

v1.20.0
v1.20.1
v1.21.0

Database specific

{
    "vanir_signatures": [
        {
            "signature_version": "v1",
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "245673340480709380475607110780385137708",
                    "285494569074532567258474565032572094364",
                    "121492910522987967398570563042373873103",
                    "208903825150298770882316003860954195851"
                ]
            },
            "source": "https://github.com/envoyproxy/envoy/commit/af50070ee60866874b0a9383daf9364e884ded22",
            "deprecated": false,
            "target": {
                "file": "source/common/tcp_proxy/tcp_proxy.h"
            },
            "signature_type": "Line",
            "id": "CVE-2022-23606-097fed22"
        },
        {
            "signature_version": "v1",
            "digest": {
                "length": 338.0,
                "function_hash": "43013079311173114698727080572662162328"
            },
            "source": "https://github.com/envoyproxy/envoy/commit/4aaf9593152c6996b9da384c8918e9ad4f0abd4d",
            "deprecated": false,
            "target": {
                "file": "source/common/conn_pool/conn_pool_base.cc",
                "function": "ConnPoolImplBase::checkForIdleAndCloseIdleConnsIfDraining"
            },
            "signature_type": "Function",
            "id": "CVE-2022-23606-750e7fbb"
        },
        {
            "signature_version": "v1",
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "238363169343804913942300291017684487943",
                    "281075802092293195505541183629950851527",
                    "190309091056183134939303314630437286332",
                    "1336839216182560585869212455485126136",
                    "91854374677920975889051724337189261314",
                    "176073550574850004587196271703191506168",
                    "54303611712421497849276770032572170236",
                    "89596254872871249889385232134194772639",
                    "232868586170569298338666905475474416875",
                    "68418232771506422252069681807775341343"
                ]
            },
            "source": "https://github.com/envoyproxy/envoy/commit/4aaf9593152c6996b9da384c8918e9ad4f0abd4d",
            "deprecated": false,
            "target": {
                "file": "source/common/conn_pool/conn_pool_base.h"
            },
            "signature_type": "Line",
            "id": "CVE-2022-23606-75516c6f"
        },
        {
            "signature_version": "v1",
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "222375982320279527150068471158201686244",
                    "165738277750233846199418982723160704713",
                    "44051101608002913249948422506083140770"
                ]
            },
            "source": "https://github.com/envoyproxy/envoy/commit/af50070ee60866874b0a9383daf9364e884ded22",
            "deprecated": false,
            "target": {
                "file": "test/integration/tcp_tunneling_integration_test.cc"
            },
            "signature_type": "Line",
            "id": "CVE-2022-23606-9c39651a"
        },
        {
            "signature_version": "v1",
            "digest": {
                "length": 808.0,
                "function_hash": "296559161755360112084384558440136934044"
            },
            "source": "https://github.com/envoyproxy/envoy/commit/af50070ee60866874b0a9383daf9364e884ded22",
            "deprecated": false,
            "target": {
                "file": "source/common/tcp_proxy/tcp_proxy.cc",
                "function": "Filter::onDownstreamEvent"
            },
            "signature_type": "Function",
            "id": "CVE-2022-23606-a6789e61"
        },
        {
            "signature_version": "v1",
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "97652407307682118633090827808836069896",
                    "202222073443799289957911450767890213833",
                    "115564202354952612799820744008677299818",
                    "100865938374520508671052066897428637482",
                    "266358857140130331037141171435995735386",
                    "241277250285489246241581928533925069698",
                    "112864798336767260895615422020255373801",
                    "326344252156913283305823248376635974319",
                    "149501076714298581724217944116072240117",
                    "20851967513280832025446682514306651511",
                    "101660301215173511645125806388931558046",
                    "161983258376373368998625288716073445864",
                    "125013157627477663648794220335175813129",
                    "114297756736507093046297363714182913184",
                    "326342629182717535494243166437244508087",
                    "129503348076797258550455082149053172774",
                    "6063454819406071701935832397149074681",
                    "25450544109902264946434894665349483615",
                    "14209541420216802153449926603071335280",
                    "28083104488430351869423149520385632380",
                    "27329837804645812211356628610675816305"
                ]
            },
            "source": "https://github.com/envoyproxy/envoy/commit/4aaf9593152c6996b9da384c8918e9ad4f0abd4d",
            "deprecated": false,
            "target": {
                "file": "test/integration/cds_integration_test.cc"
            },
            "signature_type": "Line",
            "id": "CVE-2022-23606-bf50e605"
        },
        {
            "signature_version": "v1",
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "150676539833679190158940891882333303963",
                    "27409818851555323095073296906901027733",
                    "55324179392422643085196396072729602785"
                ]
            },
            "source": "https://github.com/envoyproxy/envoy/commit/4aaf9593152c6996b9da384c8918e9ad4f0abd4d",
            "deprecated": false,
            "target": {
                "file": "test/config/utility.h"
            },
            "signature_type": "Line",
            "id": "CVE-2022-23606-ce5c4e8e"
        },
        {
            "signature_version": "v1",
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "146243477446113422387021212725253250778",
                    "48539946143607539866181123457421037495",
                    "283468910120726656487263215273247794220",
                    "32816829629574534818331468211218975208",
                    "167487698232686579647343259536732486616",
                    "18932793910309592312745692489877318569",
                    "190222441294940987692714025372522320194",
                    "233481120278761949454860284316900076892",
                    "33182693539138785849824461743826464632",
                    "238411867963402661331142337279192022640"
                ]
            },
            "source": "https://github.com/envoyproxy/envoy/commit/af50070ee60866874b0a9383daf9364e884ded22",
            "deprecated": false,
            "target": {
                "file": "source/common/tcp_proxy/tcp_proxy.cc"
            },
            "signature_type": "Line",
            "id": "CVE-2022-23606-d54b575d"
        },
        {
            "signature_version": "v1",
            "digest": {
                "length": 528.0,
                "function_hash": "83990222759686494038875668905777786185"
            },
            "source": "https://github.com/envoyproxy/envoy/commit/4aaf9593152c6996b9da384c8918e9ad4f0abd4d",
            "deprecated": false,
            "target": {
                "file": "source/common/conn_pool/conn_pool_base.cc",
                "function": "ConnPoolImplBase::closeIdleConnectionsForDrainingPool"
            },
            "signature_type": "Function",
            "id": "CVE-2022-23606-dc8d3820"
        },
        {
            "signature_version": "v1",
            "digest": {
                "length": 711.0,
                "function_hash": "63191530169222520921233896458439701262"
            },
            "source": "https://github.com/envoyproxy/envoy/commit/af50070ee60866874b0a9383daf9364e884ded22",
            "deprecated": false,
            "target": {
                "file": "source/common/tcp_proxy/tcp_proxy.cc",
                "function": "Filter::onUpstreamEvent"
            },
            "signature_type": "Function",
            "id": "CVE-2022-23606-efb2c5e4"
        },
        {
            "signature_version": "v1",
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "211063805449318930197667500157467379330",
                    "238149429280769817104751274898789662521",
                    "155508904057016497276277837828561242331",
                    "306263256694188145409853147140795887683",
                    "24621026682503930056724633583760538450",
                    "210759516705868193041331552012792706907",
                    "268100365964683135363265243678321089408",
                    "116993638250131326183953285211810091083",
                    "57246520075670457973995740670893215413",
                    "194433285147185661463287816608904302305",
                    "245699478661219870215728951569204544048",
                    "286440446911758131586479113237388457926",
                    "33382072507043576477734303938545662581",
                    "298229981597606534667320296045042459684",
                    "173090808602105440099610064642968627733",
                    "210942585548006467924962946211585504886",
                    "193341038770066763728097793037333651465",
                    "340006873902019806079016649741212930377",
                    "286206063645562425499514746822691310145",
                    "291017590637862723045538078816014658015"
                ]
            },
            "source": "https://github.com/envoyproxy/envoy/commit/4aaf9593152c6996b9da384c8918e9ad4f0abd4d",
            "deprecated": false,
            "target": {
                "file": "source/common/conn_pool/conn_pool_base.cc"
            },
            "signature_type": "Line",
            "id": "CVE-2022-23606-f0c98cd4"
        }
    ]
}