4 matches found
CVE-2026-26330
Envoy is a high-performance edge/middle/service proxy. Prior to 1.37.1, 1.36.5, 1.35.8, and 1.34.13, At the rate limit filter, if the response phase limit with applyonstreamdone in the rate limit configuration is enabled and the response phase limit request fails directly, it may crash Envoy. Whe...
CVE-2026-26330
Envoy is a high-performance edge/middle/service proxy. Prior to 1.37.1, 1.36.5, 1.35.8, and 1.34.13, At the rate limit filter, if the response phase limit with applyonstreamdone in the rate limit configuration is enabled and the response phase limit request fails directly, it may crash Envoy. Whe...
PT-2026-24401
Name of the Vulnerable Software and Affected Versions Envoy versions prior to 1.34.13 Envoy versions prior to 1.35.8 Envoy versions prior to 1.36.5 Envoy versions prior to 1.37.1 Description Envoy is a high-performance edge/middle/service proxy. A crash may occur in the rate limit filter when the...
python: XMLRPC library unrestricted decompression of HTTP responses using gzip enconding
It was discovered that the Python xmlrpclib did not restrict the size of a gzip compressed HTTP responses. A malicious XMLRPC server could cause an XMLRPC client using xmlrpclib to consume an excessive amount of memory...