Bitnami package
envoy
pkg:bitnami/envoy
Vulnerabilities (86)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2020-12605 | — | < 1.12.5 | 1.12.5 | Jul 1, 2020 | Envoy version 1.14.2, 1.13.2, 1.12.4 or earlier may consume excessive amounts of memory when processing HTTP/1.1 headers with long field names or requests with long URLs. | ||
| CVE-2020-12604 | — | < 1.12.5 | 1.12.5 | Jul 1, 2020 | Envoy version 1.14.2, 1.13.2, 1.12.4 or earlier is susceptible to increased memory usage in the case where an HTTP/2 client requests a large payload but does not send enough window updates to consume the entire stream and does not reset the stream. | ||
| CVE-2020-8663 | — | < 1.12.5 | 1.12.5 | Jul 1, 2020 | Envoy version 1.14.2, 1.13.2, 1.12.4 or earlier may exhaust file descriptors and/or memory when accepting too many connections. | ||
| CVE-2020-12603 | — | < 1.12.5 | 1.12.5 | Jul 1, 2020 | Envoy version 1.14.2, 1.13.2, 1.12.4 or earlier may consume excessive amounts of memory when proxying HTTP/2 requests or responses with many small (i.e. 1 byte) data frames. | ||
| CVE-2020-11767 | — | < 1.14.2 | 1.14.2 | Apr 15, 2020 | Istio through 1.5.1 and Envoy through 1.14.1 have a data-leak issue. If there is a TCP connection (negotiated with SNI over HTTPS) to *.example.com, a request for a domain concurrently configured explicitly (e.g., abc.example.com) is sent to the server(s) listening behind *.examp | ||
| CVE-2020-8660 | — | < 1.12.3 | 1.12.3 | Mar 4, 2020 | CNCF Envoy through 1.13.0 TLS inspector bypass. TLS inspector could have been bypassed (not recognized as a TLS client) by a client using only TLS 1.3. Because TLS extensions (SNI, ALPN) were not inspected, those connections might have been matched to a wrong filter chain, possib |
- CVE-2020-12605Jul 1, 2020affected < 1.12.5fixed 1.12.5
Envoy version 1.14.2, 1.13.2, 1.12.4 or earlier may consume excessive amounts of memory when processing HTTP/1.1 headers with long field names or requests with long URLs.
- CVE-2020-12604Jul 1, 2020affected < 1.12.5fixed 1.12.5
Envoy version 1.14.2, 1.13.2, 1.12.4 or earlier is susceptible to increased memory usage in the case where an HTTP/2 client requests a large payload but does not send enough window updates to consume the entire stream and does not reset the stream.
- CVE-2020-8663Jul 1, 2020affected < 1.12.5fixed 1.12.5
Envoy version 1.14.2, 1.13.2, 1.12.4 or earlier may exhaust file descriptors and/or memory when accepting too many connections.
- CVE-2020-12603Jul 1, 2020affected < 1.12.5fixed 1.12.5
Envoy version 1.14.2, 1.13.2, 1.12.4 or earlier may consume excessive amounts of memory when proxying HTTP/2 requests or responses with many small (i.e. 1 byte) data frames.
- CVE-2020-11767Apr 15, 2020affected < 1.14.2fixed 1.14.2
Istio through 1.5.1 and Envoy through 1.14.1 have a data-leak issue. If there is a TCP connection (negotiated with SNI over HTTPS) to *.example.com, a request for a domain concurrently configured explicitly (e.g., abc.example.com) is sent to the server(s) listening behind *.examp
- CVE-2020-8660Mar 4, 2020affected < 1.12.3fixed 1.12.3
CNCF Envoy through 1.13.0 TLS inspector bypass. TLS inspector could have been bypassed (not recognized as a TLS client) by a client using only TLS 1.3. Because TLS extensions (SNI, ALPN) were not inspected, those connections might have been matched to a wrong filter chain, possib
Page 5 of 5