Unrated severityNVD Advisory· Published Jul 1, 2020· Updated Aug 4, 2024
CVE-2020-12604
CVE-2020-12604
Description
Envoy version 1.14.2, 1.13.2, 1.12.4 or earlier is susceptible to increased memory usage in the case where an HTTP/2 client requests a large payload but does not send enough window updates to consume the entire stream and does not reset the stream.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
4- Envoy/Envoydescription
- osv-coords3 versionspkg:bitnami/envoypkg:rpm/opensuse/envoy-proxy&distro=openSUSE%20Leap%2015.3pkg:rpm/suse/envoy-proxy&distro=SUSE%20Package%20Hub%2015%20SP3
< 1.12.5+ 2 more
- (no CPE)range: < 1.12.5
- (no CPE)range: < 1.14.6-bp153.3.4.1
- (no CPE)range: < 1.14.6-bp153.3.4.1
Patches
Vulnerability mechanics
References
2- github.com/envoyproxy/envoy/commits/mastermitrex_refsource_MISC
- github.com/envoyproxy/envoy/security/advisories/GHSA-8hf8-8gvw-ggvxmitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.