vulnerability

VMware Photon OS: CVE-2023-41378

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
8	(AV:N/AC:L/Au:N/C:N/I:N/A:C)	Nov 6, 2023	Jan 20, 2025	Feb 9, 2026

Severity

CVSS

(AV:N/AC:L/Au:N/C:N/I:N/A:C)

Published

Nov 6, 2023

Added

Jan 20, 2025

Modified

Feb 9, 2026

Description

In certain conditions for Calico Typha (v3.26.2, v3.25.1 and below), and Calico Enterprise Typha (v3.17.1, v3.16.3, v3.15.3 and below), a client TLS handshake can block the Calico Typha server indefinitely, resulting in denial of service. The TLS Handshake() call is performed inside the main server handle for loop without any timeout allowing an unclean TLS handshake to block the main loop indefinitely while other connections will be idle waiting for that handshake to finish.

Solution

vmware-photon_os_update_tdnf

References

CVE-2023-41378
https://attackerkb.com/topics/CVE-2023-41378
CWE-400
CWE-703
CWE-755

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today