Cloud Foundry | CFOUNDRY:35D60DBB199714671D47C121007282B3
May 17, 2016 - 12:00 a.m.

CVE-2016-3091 Diego log encoding vulnerability | Cloud Foundry

Source: Cloud Foundry (www.cloudfoundry.org)

EPSS: 0.002 (Low), percentile 61.7%

CVE-2016-3091 Diego log encoding vulnerability

Severity

High

Vendor

Cloud Foundry Foundation

Versions Affected

Diego-release versions 0.1468.0 through 0.1470.0

Description

Because of how Diego breaks up large log streams on UTF-8 boundaries, an app that outputs malformed UTF-8 sequences can cause a denial of service on a Cloud Foundry installation.
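The advisory names the behaviour (splitting log streams on UTF-8 boundaries) but not the defect itself. The following Go code is an added example, not Diego's code or the fix shipped in 0.1471.0: it splits a log buffer so that a cut never lands inside a valid rune while malformed bytes can never stall the splitter. `splitLog`, `safeCut` and the 4-byte limit are hypothetical names and values chosen for illustration.

```go
package main

import (
	"fmt"
	"unicode/utf8"
)

// splitLog (hypothetical name) breaks buf into chunks of at most max bytes.
// A cut is moved back only when it would land inside a valid multi-byte rune.
// Malformed bytes never extend the search, so each pass emits at least one
// byte and the loop terminates for any input.
func splitLog(buf []byte, max int) [][]byte {
	if max < utf8.UTFMax {
		max = utf8.UTFMax // assumption: a chunk can always hold one full rune
	}
	var chunks [][]byte
	for len(buf) > 0 {
		cut := len(buf)
		if cut > max {
			cut = safeCut(buf, max)
		}
		chunks = append(chunks, buf[:cut])
		buf = buf[cut:]
	}
	return chunks
}

// safeCut looks back at most utf8.UTFMax-1 bytes from max for the lead byte
// of a valid rune that straddles the limit; requires len(buf) > max.
func safeCut(buf []byte, max int) int {
	for i := max; i > 0 && i > max-utf8.UTFMax; i-- {
		if !utf8.RuneStart(buf[i]) {
			continue // continuation byte: keep looking for its lead byte
		}
		_, size := utf8.DecodeRune(buf[i:])
		if i < max && size > 1 && i+size > max {
			return i // valid rune straddles the limit: cut in front of it
		}
		break // limit already sits on a rune start, or the sequence is malformed
	}
	return max // bounded fallback: cut at the byte limit
}

func main() {
	sample := []byte("aaa\u20ac\x80\x80\x80\x80\x80") // constructed sample input
	for _, c := range splitLog(sample, 4) {
		fmt.Printf("%d %q\n", len(c), c)
	}
}
```

The bounded look-back is the point: a splitter that keeps scanning until it finds a well-formed boundary has no upper limit on work or buffering when the input contains none.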

Mitigation

Users of affected versions should apply the following mitigation:

  • The Cloud Foundry project recommends that Cloud Foundry deployments running Diego versions 0.1468.0 through 0.1470.0 upgrade to Diego version 0.1471.0.

Credit

This issue was identified by a VMware team and reported responsibly to the Cloud Foundry Foundation.
