Lucene search
+L

5 matches found

OSV
OSV
added 2026/06/30 11:39 p.m.9 views

BIT-ENVOY-2026-48706 Envoy Heap Buffer Overflow in TcpStatsdSink

Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.34.0 until 1.35.13, 1.36.9, 1.37.5, and 1.38.3, a vulnerability exists in Envoy's TCP StatsD sink TcpStatsdSink, where the thread-local flusher buffer can be overflowed by exceptionally long statistic...

7.5CVSS6.5AI score0.0061EPSS
Exploits0References2
NVD
NVD
added 2026/06/26 6:17 p.m.10 views

CVE-2026-48706

Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.34.0 until 1.35.13, 1.36.9, 1.37.5, and 1.38.3, a vulnerability exists in Envoy's TCP StatsD sink TcpStatsdSink, where the thread-local flusher buffer can be overflowed by exceptionally long statistic...

7.5CVSS0.0061EPSS
Exploits0References1
CVE
CVE
added 2026/06/26 5:38 p.m.28 views

CVE-2026-48706

CVE-2026-48706 affects Envoy TCP StatsD sink (TcpStatsdSink). A heap write overflow can occur when processing extremely long statistic names (>16 KiB) due to mismanagement of 16 KiB flush slices during buffer rotation, potentially causing process crash or remote code execution. Affected versio...

7.5CVSS6.5AI score0.0061EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2026/06/26 5:38 p.m.4 views

CVE-2026-48706 Envoy Heap Buffer Overflow in TcpStatsdSink

Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.34.0 until 1.35.13, 1.36.9, 1.37.5, and 1.38.3, a vulnerability exists in Envoy's TCP StatsD sink TcpStatsdSink, where the thread-local flusher buffer can be overflowed by exceptionally long statistic...

5.9CVSS6.7AI score0.0061EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.10 views

PT-2026-52891

Name of the Vulnerable Software and Affected Versions Envoy versions 1.34.0 through 1.35.12 Envoy versions 1.36.0 through 1.36.8 Envoy versions 1.37.0 through 1.37.4 Envoy versions 1.38.0 through 1.38.2 Description A heap write overflow exists in the TCP StatsD sink TcpStatsdSink when processing...

7.5CVSS6.2AI score0.0061EPSS
Exploits0References19
Rows per page
Query Builder