9 matches found
CVE-2026-26311
CVE-2026-26311 affects Envoy releases prior to 1.37.1, 1.36.5, 1.35.8, and 1.34.13. The issue is a logic vulnerability in the HTTP connection manager (FilterManager) where, after an HTTP/2 stream reset, the code may invoke filter callbacks on a stream that is already logically cleaned up, creatin...
CVE-2026-26310
Envoy is a high-performance edge/middle/service proxy. Prior to 1.37.1, 1.36.5, 1.35.8, and 1.34.13, calling Utility::getAddressWithPort with a scoped IPv6 addresses causes a crash. This utility is called in the data plane from the originalsrc filter and the dns filter. This vulnerability is fixe...
CVE-2026-26310 Crash for scoped ip address in Envoy during DNS
Envoy is a high-performance edge/middle/service proxy. Prior to 1.37.1, 1.36.5, 1.35.8, and 1.34.13, calling Utility::getAddressWithPort with a scoped IPv6 addresses causes a crash. This utility is called in the data plane from the originalsrc filter and the dns filter. This vulnerability is fixe...
CVE-2026-26309
Envoy is a high-performance edge/middle/service proxy. Prior to 1.37.1, 1.36.5, 1.35.8, and 1.34.13, an off-by-one write in Envoy::JsonEscaper::escapeString can corrupt std::string null-termination, causing undefined behavior and potentially leading to crashes or out-of-bounds reads when the...
CVE-2026-26309 Envoy has an off-by-one write in JsonEscaper::escapeString()
Envoy is a high-performance edge/middle/service proxy. Prior to 1.37.1, 1.36.5, 1.35.8, and 1.34.13, an off-by-one write in Envoy::JsonEscaper::escapeString can corrupt std::string null-termination, causing undefined behavior and potentially leading to crashes or out-of-bounds reads when the...
EUVD-2026-10799
Envoy is a high-performance edge/middle/service proxy. Prior to 1.37.1, 1.36.5, 1.35.8, and 1.34.13, the Envoy RBAC Role-Based Access Control filter contains a logic vulnerability in how it validates HTTP headers when multiple values are present for the same header name. Instead of validating eac...
Envoy 资源管理错误漏洞
Envoy is an open-source gateway program developed by Enphase for connecting smart home devices. Versions of Envoy prior to 1.37.1, 1.36.5, 1.35.8, and 1.34.13 contain a resource management vulnerability. This vulnerability stems from improper cleanup of internal state within the rate-limiting...
SUSE SLES15 / openSUSE 15 Security Update : nbdkit (SUSE-SU-2025:01889-1)
The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:01889-1 advisory. Update to version 1.36.5. Security fixes: - CVE-2025-47712: integer overflow in blocksize filter when processing...
Security update for nbdkit
This update for nbdkit fixes the following issues: Update to version 1.36.5. Security fixes: CVE-2025-47712: integer overflow in blocksize filter when processing client block status requests larger than 232 will trigger an assertion failure and cause a denial-of-service. bsc1243108. CVE-2025-4771...