VMware Security Response Center

VMware Response to CVE-2023-44487 – HTTP/2 protocol denial-of-service vulnerability

A denial-of-service vulnerability in the HTTP/2 protocol was recently disclosed that could result in resource consumption on a vulnerable target.

VMware investigations have determined that VMware products are not critically impacted by CVE-2023-44487. Regardless, VMware products will be consuming recommended updates in previously scheduled releases. If a product is determined to be critically impacted, a VMware Security Advisory (VMSA) with remediation information will be published. Please sign up for VMSA alerts on our main advisory page.

We understand that there may be heightened concern around VMware products that are designed to be on the public internet. With this in mind, the following products have released additional information regarding CVE-2023-44487:

NSX Advanced Load Balancer (AVI)
Tanzu Application Service for VMs (TAS)

This publication will be updated if additional product documentation is produced.