← Voltar para CVEs
CVE-2019-18838
HIGH7.5
Descricao
An issue was discovered in Envoy 1.12.0. Upon receipt of a malformed HTTP request without a Host header, it sends an internally generated "Invalid request" response. This internally generated response is dispatched through the configured encoder filter chain before being sent to the client. An encoder filter that invokes route manager APIs that access a request's Host header causes a NULL pointer dereference, resulting in abnormal termination of the Envoy process.
Detalhes CVE
Pontuacao CVSS v3.17.5
SeveridadeHIGH
Vetor CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Vetor de ataqueNETWORK
ComplexidadeLOW
Privilegios necessariosNONE
Interacao do usuarioNONE
Publicado12/13/2019
Ultima modificacao11/21/2024
Fontenvd
Avistamentos honeypot0
Produtos afetados
envoyproxy:envoy
Fraquezas (CWE)
CWE-476
Referencias
https://blog.envoyproxy.io(cve@mitre.org)
https://github.com/envoyproxy/envoy/commits/master(cve@mitre.org)
https://groups.google.com/forum/#%21forum/envoy-users(cve@mitre.org)
https://blog.envoyproxy.io(af854a3a-2127-422b-91ae-364da2661108)
https://github.com/envoyproxy/envoy/commits/master(af854a3a-2127-422b-91ae-364da2661108)
https://github.com/envoyproxy/envoy/security/advisories/GHSA-f2rv-4w6x-rwhc(af854a3a-2127-422b-91ae-364da2661108)
https://groups.google.com/forum/#%21forum/envoy-users(af854a3a-2127-422b-91ae-364da2661108)
Correlacoes IOC
Sem correlacoes registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.