Veracode Vulnerability DatabaseVERACODE:41790Denial Of Service (DoS)
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
0.001 Low
EPSS
Percentile
20.3%
github.com/envoyproxy/envoy is vulnerable to Denial of Service (DoS) attacks. When the listener is exhausted, gRPC access logs utilizing its global scope may result in a use-after-free, which allows an authenticated attacker to cause an application crash via a malicious LDS upstream.
References
github.com/envoyproxy/envoy/commit/2cd3f88a1080a92d0274e73bef46f2d493cbaf5d
github.com/envoyproxy/envoy/commit/30fefeae57beb116eda38e192b42b7373e871fb9
github.com/envoyproxy/envoy/commit/7cdd48665959c9f9e3e0d28df23ea5566eb67e98
github.com/envoyproxy/envoy/commit/919deddb87a51d284ceaad3ab011898dc78b2feb
github.com/envoyproxy/envoy/security/advisories/GHSA-69vr-g55c-v2v4
Related
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
0.001 Low
EPSS
Percentile
20.3%