CVE-2023-27496: 
NixOS vulnerability analysis and mitigation

Envoy, an open source edge and service proxy designed for cloud-native applications, was found to contain a vulnerability in its OAuth filter (CVE-2023-27496). Prior to versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9, the OAuth filter incorrectly assumed that a state query parameter would be present on any response that resembles an OAuth redirect response (GitHub Advisory).

The vulnerability stems from an improper input validation (CWE-20) in the OAuth filter implementation. When a request is made with a URI path equivalent to the redirect path but without the required state parameter, it triggers a segmentation fault leading to abnormal termination of the Envoy process. The vulnerability has been assigned a CVSS v3.1 base score of 7.5 HIGH by NIST (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) and 6.5 MEDIUM by GitHub (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) (NVD).

The vulnerability results in a denial of service condition through application crash. When successfully exploited, it causes the Envoy process to terminate abnormally, disrupting the service availability (GitHub Advisory).

The vulnerability has been patched in versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9. For users unable to upgrade immediately, several mitigation options are available: locking down OAuth traffic, disabling the OAuth filter, or implementing traffic filtering before requests reach the OAuth filter (e.g., using a lua script) (GitHub Advisory).