CVE-2023-20882

Source
https://nvd.nist.gov/vuln/detail/CVE-2023-20882
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-20882.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2023-20882
Published
2023-05-26T17:15:13.897Z
Modified
2025-12-06T14:03:41.533986Z
Severity
  • 5.9 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
[none]
Details

In Cloud Foundry routing release versions from 0.262.0 and prior to 0.266.0, a bug in the gorouter process can lead to a denial of service of applications hosted on Cloud Foundry. Under the right circumstances, when client connections are closed prematurely, gorouter marks the currently selected backend as failed and removes it from the routing pool.

References

Affected packages

Git / github.com/cloudfoundry/cf-deployment

Affected ranges

Type
GIT
Repo
https://github.com/cloudfoundry/cf-deployment
Events

Affected versions

v27.*

v27.4.0
v27.5.0
v27.6.0
v27.7.0
v27.8.0

v28.*

v28.0.0
v28.1.0
v28.2.0

Git / github.com/cloudfoundry/routing-release

Affected ranges

Type
GIT
Repo
https://github.com/cloudfoundry/routing-release
Events

Affected versions

v0.*

v0.262.0
v0.263.0
v0.264.0
v0.265.0
v0.265.1