Lucene search
+L

11 matches found

RedhatCVE
RedhatCVE
added 2026/07/02 5:17 p.m.10 views

CVE-2026-47204

A flaw was found in Envoy, an open source edge and service proxy. A remote attacker can exploit this vulnerability by sending a specially crafted Connect protocol request to a direct response route. This action causes the envoy.filters.http.grpcstats filter to crash, leading to a denial of servic...

7.5CVSS5.7AI score0.00448EPSS
Exploits1References4
OSV
OSV
added 2026/06/29 5:40 a.m.5 views

BIT-ENVOY-2026-47204 Envoy: grpc_stats filter segfault on Connect protocol requests to direct_response routes

Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.26.0 until 1.35.13, 1.36.9, 1.37.5, and 1.38.3, the envoy.filters.http.grpcstats filter crashes null pointer dereference / segfault when a Connect protocol request Content-Type: application/connect+proto...

7.5CVSS5.8AI score0.00448EPSS
Exploits1References2
NVD
NVD
added 2026/06/26 6:16 p.m.9 views

CVE-2026-47204

Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.26.0 until 1.35.13, 1.36.9, 1.37.5, and 1.38.3, the envoy.filters.http.grpcstats filter crashes null pointer dereference / segfault when a Connect protocol request Content-Type: application/connect+proto...

7.5CVSS0.00448EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/06/26 5:37 p.m.36 views

CVE-2026-47204 Envoy: grpc_stats filter segfault on Connect protocol requests to direct_response routes

Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.26.0 until 1.35.13, 1.36.9, 1.37.5, and 1.38.3, the envoy.filters.http.grpcstats filter crashes null pointer dereference / segfault when a Connect protocol request Content-Type: application/connect+proto...

6.5CVSS0.00448EPSS
Exploits1References1
OSV
OSV
added 2026/06/26 5:37 p.m.3 views

CVE-2026-47204 Envoy: grpc_stats filter segfault on Connect protocol requests to direct_response routes

Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.26.0 until 1.35.13, 1.36.9, 1.37.5, and 1.38.3, the envoy.filters.http.grpcstats filter crashes null pointer dereference / segfault when a Connect protocol request Content-Type: application/connect+proto...

6.5CVSS5.9AI score0.00448EPSS
Exploits1References3
CVE
CVE
added 2026/06/26 5:37 p.m.21 views

CVE-2026-47204

Envoy CVE-2026-47204 affects the envoy.filters.http.grpc_stats filter. From 1.26.0 up to 1.35.13, 1.36.9, 1.37.5, and 1.38.3, a Connect protocol request (Content-Type: application/connect+proto or application/connect+json) hitting a direct_response route could crash the Envoy process due to a nul...

7.5CVSS5.8AI score0.00448EPSS
Exploits1References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/26 5:37 p.m.6 views

CVE-2026-47204

Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.26.0 until 1.35.13, 1.36.9, 1.37.5, and 1.38.3, the envoy.filters.http.grpcstats filter crashes null pointer dereference / segfault when a Connect protocol request Content-Type: application/connect+proto...

6.5CVSS5.8AI score0.00448EPSS
Exploits1References2Affected Software1
RedHat Linux
RedHat Linux
added 2022/04/07 6:6 p.m.6 views

envoy: Incorrect handling of internal redirects to routes with a direct response entry

A flaw was found in envoy. Due to incorrect handling of the common router, a segfault is possible when internal redirects are routes with a direct response entry...

7.5CVSS5.7AI score0.01145EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2022/04/07 6:2 p.m.2 views

envoy: Incorrect handling of internal redirects to routes with a direct response entry

A flaw was found in envoy. Due to incorrect handling of the common router, a segfault is possible when internal redirects are routes with a direct response entry...

7.5CVSS5.7AI score0.01145EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2022/02/22 12:0 a.m.4 views

PT-2022-15010 · Envoy · Envoy

Name of the Vulnerable Software and Affected Versions: Envoy affected versions not specified Description: The envoy common router will experience a segfault if an internal redirect selects a route configured with direct response or redirect actions, resulting in a denial of service...

7.5CVSS7.3AI score0.01145EPSS
Exploits0References9
OSV
OSV
added 2019/12/04 8:15 p.m.5 views

CVE-2019-11216

BMC Smart Reporting 7.3 20180418 allows authenticated XXE within the import functionality. One can import a malicious XML file and perform XXE attacks to download local files from the server, or do DoS attacks with XML expansion attacks. XXE with direct response and XXE OOB are allowed...

6.5CVSS6.6AI score0.01835EPSS
Exploits2References3
Rows per page
Query Builder