Improper Handling of Exceptional Conditions

CVE-2023-41378

Severity High
Score 7.5/10

Summary

In certain conditions for Calico Typha, a client TLS handshake can block the Calico Typha server indefinitely, resulting in a Denial of Service (DoS). The TLS 'Handshake()' call is performed inside the main server connection-handling loop without any timeout, so an unclean or stalled TLS handshake can block that loop indefinitely while every other connection sits idle waiting for the handshake to finish. This vulnerability affects github.com/projectcalico/calico package versions through 3.25.1, 3.26.0-0.dev through 3.26.1, and v3.27.0-0.dev.
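The mitigation pattern for the blocking described above, as an added Go example that is not Calico's or Typha's own code: the server-side handshake runs under a deadline and off the accept goroutine, so a peer that never completes its handshake times out on its own without stalling other clients. The 10-second bound, the function names and the constructed never-speaking peer in main() are assumptions for this example, not Typha's settings.

```go
package main

import (
	"crypto/tls"
	"errors"
	"fmt"
	"net"
	"os"
	"time"
)

// handshakeWithDeadline runs the server-side TLS handshake under a deadline so a silent or unclean peer cannot hold the caller forever.
func handshakeWithDeadline(conn net.Conn, cfg *tls.Config, timeout time.Duration) (*tls.Conn, error) {
	if err := conn.SetDeadline(time.Now().Add(timeout)); err != nil {
		return nil, err
	}
	tlsConn := tls.Server(conn, cfg)
	if err := tlsConn.Handshake(); err != nil {
		tlsConn.Close()
		return nil, fmt.Errorf("tls handshake: %w", err)
	}
	return tlsConn, conn.SetDeadline(time.Time{}) // clear it; application I/O sets its own deadlines
}

// isTimeout separates a fired deadline from other handshake failures, so stalled handshakes can be counted and alerted on as their own signal.
func isTimeout(err error) bool {
	var ne net.Error
	return errors.Is(err, os.ErrDeadlineExceeded) || (errors.As(err, &ne) && ne.Timeout())
}

// serveLoop keeps Accept() free: each handshake runs in its own goroutine under a hypothetical 10s bound, so one stalled client no longer delays the others.
func serveLoop(ln net.Listener, cfg *tls.Config, handle func(*tls.Conn)) {
	for {
		conn, err := ln.Accept()
		if err != nil {
			return
		}
		go func(c net.Conn) { // a real server would log and count handshake failures here
			if tc, err := handshakeWithDeadline(c, cfg, 10*time.Second); err == nil {
				handle(tc)
			}
		}(conn)
	}
}

func main() { // constructed scenario: a peer connects but never sends a ClientHello
	client, server := net.Pipe()
	defer client.Close()
	_, err := handshakeWithDeadline(server, &tls.Config{}, 500*time.Millisecond)
	fmt.Println("stalled handshake timed out:", isTimeout(err)) // true
}
```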

CVSS metrics
  • Attack Complexity: LOW
  • Attack Vector: NETWORK
  • Privileges Required: NONE
  • Scope: UNCHANGED
  • User Interaction: NONE
  • Confidentiality: NONE
  • Integrity: NONE
  • Availability: HIGH

CWE-755 - Improper Handling of Exceptional Conditions

The software does not handle or incorrectly handles an exceptional condition.

Advisory Timeline

  • Published