5 matches found
EUVD-2019-8537
Malware in sbrugna...
SUSE CVE-2019-18838
An issue was discovered in Envoy 1.12.0. Upon receipt of a malformed HTTP request without a Host header, it sends an internally generated "Invalid request" response. This internally generated response is dispatched through the configured encoder filter chain before being sent to the client. An...
SUSE CVE-2019-18836
Envoy 1.12.0 allows a remote denial of service because of resource loops, as demonstrated by a single idle TCP connection being able to keep a worker thread in an infinite busy loop when continue_on_listener_filters_timeout is used...
PT-2019-15674 · Envoy +1 · Envoy +1
Name of the Vulnerable Software and Affected Versions: Envoy version 1.12.0 Description: An issue was discovered where an untrusted remote client can send an HTTP header, such as the Host header, with whitespace after the header content. This allows the client to bypass matchers, for example, by...
CVE-2019-18801
An issue was discovered in Envoy 1.12.0. An untrusted remote client may send HTTP/2 requests that write to the heap outside of the request buffers when the upstream is HTTP/1. This may be used to corrupt nearby heap contents leading to a query-of-death scenario or may be used to bypass Envoy's...