Lucene search
GitHub_MCVELIST:CVE-2022-29225HistoryJun 09, 2022 - 7:15 p.m.
CVE-2022-29225 Zip bomb vulnerability in Envoy
2022-06-0919:15:14
CWE-400
CWE-409
GitHub_M
raw.githubusercontent.com
Envoy is a cloud-native high-performance proxy. In versions prior to 1.22.1 secompressors accumulate decompressed data into an intermediate buffer before overwriting the body in the decode/encodeBody. This may allow an attacker to zip bomb the decompressor by sending a small highly compressed payload. Maliciously constructed zip files may exhaust system memory and cause a denial of service. Users are advised to upgrade. Users unable to upgrade may consider disabling decompression.
Related
cve
cve
CVE-2022-29225
2022-06-09 20:15:00
prion
prion
Buffer overflow
2022-06-09 20:15:00
osv
osv
CVE-2022-29225
2022-06-09 20:15:08
BIT-envoy-2022-29225
2024-03-06 10:55:19
cnvd
cnvd
Envoy has an unspecified vulnerability (CNVD-2022-82665)
2022-06-10 00:00:00
redhatcve
redhatcve
CVE-2022-29225
2022-06-09 22:57:51
redhat
redhat
nessus
nessus
RHEL 8 : Red Hat OpenShift Service Mesh 2.0.10 (RHSA-2022:5003)
2022-06-13 00:00:00
Oracle Linux 7 : olcne (ELSA-2022-9587)
2022-07-12 00:00:00
Oracle Linux 8 : olcne (ELSA-2022-9586)
2022-07-12 00:00:00
oraclelinux
oraclelinux
olcne security update
2022-07-11 00:00:00
olcne security update
2022-07-11 00:00:00
olcne security update
2022-07-12 00:00:00