Lucene search
Veracode Vulnerability DatabaseVERACODE:30153HistoryApr 24, 2021 - 10:47 p.m.
Denial Of Service (DoS)
2021-04-2422:47:56
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
14
servicemesh-proxy
denial of service
vulnerability
incorrect timeout calculation
envoy
EPSS
0.002
Percentile
61.1%
servicemesh-proxy is vulnerable to denial of service. An attacker is able to crash the application by sending a malicious packet that specifies a large grpc-timeout, causing envoy to incorrectly calculate the timeouts.
References
access.redhat.com/errata/RHSA-2021:1324
access.redhat.com/security/updates/classification/#important
blog.envoyproxy.io
bugzilla.redhat.com/show_bug.cgi?id=1942272
github.com/envoyproxy/envoy/blob/15e3b9dbcc9aaa9d391fa8033904aad1ea1ae70d/api/envoy/api/v2/cluster.proto#L36
github.com/envoyproxy/envoy/releases
github.com/envoyproxy/envoy/security/advisories/GHSA-r22g-5f3x-xjgg
istio.io/latest/news/security/istio-security-2021-003/
Related
redhatcve
redhatcve
CVE-2021-28682
2021-04-15 21:02:15
nvd
nvd
CVE-2021-28682
2021-05-20 17:15:07
osv
osv
BIT-envoy-2021-28682
2024-03-06 10:59:14
CVE-2021-28682
2021-05-20 17:15:07
CVE-2021-28683
2021-05-20 17:15:07
cve
cve
CVE-2021-28682
2021-05-20 17:15:07
cnvd
cnvd
Envoy integer overflow vulnerability
2021-05-21 00:00:00
cvelist
cvelist
CVE-2021-28682
2021-05-20 16:15:20
prion
prion
Integer overflow
2021-05-20 17:15:00
redhat
redhat
nessus
nessus
RHEL 8 : Red Hat OpenShift Service Mesh 2.0.3 (RHSA-2021:1324)
2021-04-22 00:00:00
RHEL 8 : Red Hat OpenShift Service Mesh 1.1.13 (RHSA-2021:1322)
2021-04-22 00:00:00
Oracle Linux 7 : olcne (ELSA-2021-9397)
2021-08-06 00:00:00
oraclelinux
oraclelinux
olcne security update
2021-08-06 00:00:00
olcne security update
2021-08-06 00:00:00
olcne security update
2021-08-06 00:00:00