Improper Handling of Exceptional Conditions
CVE-2023-41378
Summary
In certain conditions for Calico Typha, a client TLS handshake can block the Calico Typha server indefinitely, resulting in a denial of service (DoS). The TLS Handshake() call is performed inside the server's main handle loop without any timeout, so an unclean (stalled or malformed) TLS handshake from a single client blocks that loop indefinitely, while every other connection waits for the handshake to finish. This vulnerability affects the github.com/projectcalico/calico package in versions through 3.25.1, 3.26.0-0.dev through 3.26.1, and v3.27.0-0.dev.
CVSS v3 base metrics (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H, base score 7.5):
- Attack Complexity: LOW
- Attack Vector: NETWORK
- Privileges Required: NONE
- Scope: UNCHANGED
- User Interaction: NONE
- Confidentiality: NONE
- Integrity: NONE
- Availability: HIGH
CWE-755 - Improper Handling of Exceptional Conditions
The software does not handle or incorrectly handles an exceptional condition.
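The following Go program is an added illustration of the failure mode described in the summary; it is not Typha's code and does not reproduce its server structure. It runs a minimal TLS accept loop in two modes. With no handshake timeout, Handshake() is called inline in the loop, so a client that opens a TCP connection and never sends a ClientHello parks the server and a second, well-behaved client cannot complete its handshake. With a deadline set on the connection and the handshake moved into a per-connection goroutine, the stalled client times out on its own and the good client is served. The self-signed certificate, the 200 ms timeout, the 1 s client budget and the ProbeServer helper are all assumptions made for this example.

```go
package main

import (
	"context"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"time"
)

// selfSignedConfig builds a throwaway server certificate so the example runs offline.
// Constructed for this example only; a real deployment uses its own issued certificates.
func selfSignedConfig() *tls.Config {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: "example-server"},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		panic(err)
	}
	return &tls.Config{Certificates: []tls.Certificate{{Certificate: [][]byte{der}, PrivateKey: key}}}
}

// serve is the accept loop. handshakeTimeout == 0 reproduces the vulnerable pattern:
// Handshake() runs inline in the loop with no deadline, so one silent client stalls
// every other connection. A positive timeout applies the usual fix: handshake in a
// per-connection goroutine under a deadline, so a bad client only costs itself.
func serve(ln net.Listener, cfg *tls.Config, handshakeTimeout time.Duration) {
	for {
		conn, err := ln.Accept()
		if err != nil {
			return // listener closed
		}
		if handshakeTimeout == 0 {
			tlsConn := tls.Server(conn, cfg)
			if err := tlsConn.Handshake(); err != nil { // blocks until the client speaks or hangs up
				conn.Close()
				continue
			}
			tlsConn.Close()
			continue
		}
		go func(c net.Conn) {
			tlsConn := tls.Server(c, cfg)
			defer tlsConn.Close()
			tlsConn.SetDeadline(time.Now().Add(handshakeTimeout))
			if err := tlsConn.Handshake(); err != nil {
				return // timed out or malformed: only this connection is dropped
			}
			tlsConn.SetDeadline(time.Time{}) // handshake done; clear the deadline for normal traffic
		}(conn)
	}
}

// ProbeServer starts a server with the given handshake policy, connects one client that
// never sends a ClientHello, then reports whether a second, well-behaved client can still
// complete a TLS handshake within one second.
func ProbeServer(handshakeTimeout time.Duration) (bool, error) {
	ln, err := net.Listen("tcp", "127.0.0.1:0")
	if err != nil {
		return false, err
	}
	defer ln.Close()
	go serve(ln, selfSignedConfig(), handshakeTimeout)

	// The unclean client: TCP connect, then silence.
	stalled, err := net.Dial("tcp", ln.Addr().String())
	if err != nil {
		return false, err
	}
	defer stalled.Close()
	time.Sleep(100 * time.Millisecond) // let the server accept the stalled connection first

	ctx, cancel := context.WithTimeout(context.Background(), time.Second)
	defer cancel()
	d := tls.Dialer{Config: &tls.Config{InsecureSkipVerify: true}} // test cert is self-signed
	good, err := d.DialContext(ctx, "tcp", ln.Addr().String())
	if err != nil {
		return false, nil // handshake never completed: the server is wedged behind the stalled client
	}
	good.Close()
	return true, nil
}

func main() {
	vuln, _ := ProbeServer(0)
	fixed, _ := ProbeServer(200 * time.Millisecond)
	fmt.Printf("good client served, no handshake timeout:     %v\n", vuln)
	fmt.Printf("good client served, 200ms handshake timeout:  %v\n", fixed)
}
```

The deadline is the important part, not just the goroutine: without it a client that sends a partial ClientHello and then stops would hold a goroutine and a file descriptor open forever, which is a slower resource-exhaustion variant of the same problem. Clearing the deadline after a successful handshake (or replacing it with a read/write idle timeout) keeps legitimate long-lived connections from being cut off.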
References
Advisory Timeline
- Published