4 matches found
Photon OS 1.0: Envoy PHSA-2020-1.0-0268
An update of the envoy package has been released. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2020-1.0-0268. The text itself is copyright C VMware, Inc. include'compat.inc'; if description scriptid133470...
CVE-2019-18801
An issue was discovered in Envoy 1.12.0. An untrusted remote client may send HTTP/2 requests that write to the heap outside of the request buffers when the upstream is HTTP/1. This may be used to corrupt nearby heap contents leading to a query-of-death scenario or may be used to bypass Envoy's...
CVE-2019-18801
CVE-2019-18801 affects Envoy 1.12.0 where an untrusted remote client can send HTTP/2 requests that write to the heap outside of request buffers when the upstream is HTTP/1, potentially causing heap corruption (query‑of‑death) or bypassing access controls like path-based routing. The vulnerability...
Envoy CVE-2019-18801 Heap Buffer Overflow Vulnerability
Description Envoy PHP is prone to a heap-based buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied data before copying it into an insufficiently sized buffer. Successfully exploiting this issue allows attackers to execute arbitrary code in the contex...