Lucene search

K

Veracode Vulnerability DatabaseVERACODE:45434

HistoryFeb 12, 2024 - 6:55 a.m.

Denial Of Service (DoS)

2024-02-1206:55:32

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

12

denial of service

github

vulnerability

cpu usage

request latency

regex expression

routes

matchers

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

AI Score

6.7

Confidence

High

EPSS

0.001

Percentile

17.0%

github.com/envoyproxy/envoy is vulnerable to Denial Of Service (DoS). The vulnerability is due to a regex expression which is compiled for every request. This can result in high CPU usage and increased request latency when multiple routes are configured with such matchers.

References

github.com/envoyproxy/envoy/commit/67837913173ac7ae6b4bde1316986b9eaf5ce1b9

github.com/envoyproxy/envoy/commit/71eeee8f0f0132f39e402b0ee23b361ee2f4e645

github.com/envoyproxy/envoy/commit/762b067270fd4403f28ff1b2844072c86e6c25e7

github.com/envoyproxy/envoy/commit/d41d61a841b5377e47147921da2dc20208d35d8f

github.com/envoyproxy/envoy/commit/f65ace2963263f476a5330e73cbe69fb5a0cf4c8

github.com/envoyproxy/envoy/security/advisories/GHSA-x278-4w4x-r7ch

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

AI Score

6.7

Confidence

High

EPSS

0.001

Percentile

17.0%

Related for VERACODE:45434

osv2 cvelist1 nvd1 cve1 vulnrichment1 prion1 redhatcve1 nessus2 redos1