VYPR

rpm package

opensuse/envoy-proxy&distro=openSUSE Leap 15.3

pkg:rpm/opensuse/envoy-proxy&distro=openSUSE%20Leap%2015.3

Vulnerabilities (5)

  • CVE-2020-35471Dec 15, 2020
    affected < 1.14.6-bp153.3.4.1fixed 1.14.6-bp153.3.4.1

    Envoy before 1.16.1 mishandles dropped and truncated datagrams, as demonstrated by a segmentation fault for a UDP packet size larger than 1500.

  • CVE-2020-12605Jul 1, 2020
    affected < 1.14.6-bp153.3.4.1fixed 1.14.6-bp153.3.4.1

    Envoy version 1.14.2, 1.13.2, 1.12.4 or earlier may consume excessive amounts of memory when processing HTTP/1.1 headers with long field names or requests with long URLs.

  • CVE-2020-12604Jul 1, 2020
    affected < 1.14.6-bp153.3.4.1fixed 1.14.6-bp153.3.4.1

    Envoy version 1.14.2, 1.13.2, 1.12.4 or earlier is susceptible to increased memory usage in the case where an HTTP/2 client requests a large payload but does not send enough window updates to consume the entire stream and does not reset the stream.

  • CVE-2020-8663Jul 1, 2020
    affected < 1.14.6-bp153.3.4.1fixed 1.14.6-bp153.3.4.1

    Envoy version 1.14.2, 1.13.2, 1.12.4 or earlier may exhaust file descriptors and/or memory when accepting too many connections.

  • CVE-2020-12603Jul 1, 2020
    affected < 1.14.6-bp153.3.4.1fixed 1.14.6-bp153.3.4.1

    Envoy version 1.14.2, 1.13.2, 1.12.4 or earlier may consume excessive amounts of memory when proxying HTTP/2 requests or responses with many small (i.e. 1 byte) data frames.