Kubernetes CVE-2023-45288
| Package | Affected versions | Patched versions |
| --- | --- | --- |
| kubernetes-1.23 (bottlerocket) | < 1.20.4 | 1.20.4 |
| kubernetes-1.24 (bottlerocket) | < 1.20.4 | 1.20.4 |
| kubernetes-1.25 (bottlerocket) | < 1.20.4 | 1.20.4 |
| kubernetes-1.26 (bottlerocket) | < 1.20.4 | 1.20.4 |

A flaw was detected in the `http2` library. When a request's headers exceed `MaxHeaderBytes`, no memory is allocated to store the excess headers, but they are still parsed. This could cause an HTTP/2 endpoint to read arbitrary amounts of header data.
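
The following is an added example, not part of the advisory and not code from the Go or Bottlerocket projects: a defender-side check that walks raw HTTP/2 frames and totals the header-block bytes an endpoint is asked to read per stream, flagging blocks above a limit chosen in the spirit of `MaxHeaderBytes`. The frame layout and type values are from RFC 9113; the function names, the 64-byte limit and the sample bytes are assumptions constructed for illustration.

```go
package main

import (
	"encoding/binary"
	"fmt"
)

const typeHeaders, typeContinuation, flagEndHeaders = 0x1, 0x9, 0x4 // RFC 9113

// frame encodes one HTTP/2 frame; used only to build constructed samples.
func frame(typ, flags byte, stream uint32, payload []byte) []byte {
	n := len(payload)
	h := []byte{byte(n >> 16), byte(n >> 8), byte(n), typ, flags}
	return append(binary.BigEndian.AppendUint32(h, stream), payload...)
}

// oversizedHeaderBlocks returns stream ID -> header-block bytes for blocks over limit.
func oversizedHeaderBlocks(raw []byte, limit int) (map[uint32]int, error) {
	over, open, size := map[uint32]int{}, uint32(0), 0 // open: stream mid-block
	for len(raw) >= 9 {
		n := int(raw[0])<<16 | int(raw[1])<<8 | int(raw[2])
		typ, flags := raw[3], raw[4]
		id := binary.BigEndian.Uint32(raw[5:9]) & 0x7fffffff
		if len(raw) < 9+n {
			break // payload cut short; reported below
		}
		raw = raw[9+n:]
		if typ == typeHeaders {
			open, size = id, 0
		} else if typ != typeContinuation || open == 0 || id != open {
			continue // not part of a header block
		}
		if size += n; size > limit { // payload length, padding included
			over[open] = size
		}
		if flags&flagEndHeaders != 0 {
			open, size = 0, 0
		}
	}
	if len(raw) != 0 {
		return over, fmt.Errorf("truncated frame: %d trailing bytes", len(raw))
	}
	return over, nil
}

func main() {
	p := make([]byte, 48) // constructed filler payload, not real HPACK
	s := append(frame(typeHeaders, 0, 3, p), frame(typeContinuation, flagEndHeaders, 3, p)...)
	fmt.Println(oversizedHeaderBlocks(s, 64)) // map[3:96] <nil>
}
```

The total is an upper bound on encoded header data because frame payload length also covers any padding or priority fields in a HEADERS frame.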