CVE-2023-41378
unknown
CVSS v3
n/a
CVSS v4
n/a
VIR risk
n/a
Description
Calico Typha denial of service vulnerability
Predictions
Exploit likelihood
30%
Patch ETA
n/a
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
No mitigations published for this CVE yet.
Package impact
| Ecosystem | Package | Vulnerable | Fixed |
|---|---|---|---|
| Go | github.com/projectcalico/calico | >=3.26.0,<3.26.3 | 3.26.3 |
| Go | github.com/projectcalico/calico | <=3.25.1 | |
References
- https://nvd.nist.gov/vuln/detail/CVE-2023-41378
- https://github.com/projectcalico/calico/pull/7908
- https://github.com/projectcalico/calico/pull/7993
- https://github.com/projectcalico/calico/commit/2ebc1f92ecc39332cf1d55ba676d9101af24982f
- https://github.com/projectcalico/calico/commit/ad8bd001e650ec7742ac30e58247e7eef5956125
- https://github.com/projectcalico/calico
- https://www.tigera.io/security-bulletins-tta-2023-001