Envoy
by Envoyproxy
CVEs (95)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-15104 | | | 0.00 | — | 0.00 | | Jul 14, 2020 | In Envoy before versions 1.12.6, 1.13.4, 1.14.4, and 1.15.0 when validating TLS certificates, Envoy would incorrectly allow a wildcard DNS Subject Alternative Name apply to multiple subdomains. For example, with a SAN of *.example.com, Envoy would incorrectly allow… |
| CVE-2020-12605 | | | 0.00 | — | 0.01 | | Jul 1, 2020 | Envoy version 1.14.2, 1.13.2, 1.12.4 or earlier may consume excessive amounts of memory when processing HTTP/1.1 headers with long field names or requests with long URLs. |
| CVE-2020-8663 | | | 0.00 | — | 0.01 | | Jul 1, 2020 | Envoy version 1.14.2, 1.13.2, 1.12.4 or earlier may exhaust file descriptors and/or memory when accepting too many connections. |
| CVE-2020-12603 | | | 0.00 | — | 0.01 | | Jul 1, 2020 | Envoy version 1.14.2, 1.13.2, 1.12.4 or earlier may consume excessive amounts of memory when proxying HTTP/2 requests or responses with many small (i.e. 1 byte) data frames. |
| CVE-2020-11767 | | | 0.00 | — | 0.02 | | Apr 15, 2020 | Istio through 1.5.1 and Envoy through 1.14.1 have a data-leak issue. If there is a TCP connection (negotiated with SNI over HTTPS) to *.example.com, a request for a domain concurrently configured explicitly (e.g., abc.example.com) is sent to the server(s) listening behind… |
| CVE-2020-8660 | | | 0.00 | — | 0.01 | | Mar 4, 2020 | CNCF Envoy through 1.13.0 TLS inspector bypass. TLS inspector could have been bypassed (not recognized as a TLS client) by a client using only TLS 1.3. Because TLS extensions (SNI, ALPN) were not inspected, those connections might have been matched to a wrong filter chain,… |
| CVE-2020-8664 | | | 0.00 | — | 0.01 | | Mar 4, 2020 | CNCF Envoy through 1.13.0 has incorrect Access Control when using SDS with Combined Validation Context. Using the same secret (e.g. trusted CA) across many resources together with the combined validation context could lead to the “static” part of the validation context to be… |
| CVE-2020-8661 | | | 0.00 | — | 0.02 | | Mar 4, 2020 | CNCF Envoy through 1.13.0 may consume excessive amounts of memory when responding internally to pipelined requests. |
| CVE-2020-8659 | | | 0.00 | — | 0.02 | | Mar 4, 2020 | CNCF Envoy through 1.13.0 may consume excessive amounts of memory when proxying HTTP/1.1 requests or responses with many small (i.e. 1 byte) chunks. |
| CVE-2019-18838 | | | 0.00 | — | 0.02 | | Dec 13, 2019 | An issue was discovered in Envoy 1.12.0. Upon receipt of a malformed HTTP request without a Host header, it sends an internally generated "Invalid request" response. This internally generated response is dispatched through the configured encoder filter chain before being sent to… |
| CVE-2019-18802 | | | 0.00 | — | 0.02 | | Dec 13, 2019 | An issue was discovered in Envoy 1.12.0. An untrusted remote client may send an HTTP header (such as Host) with whitespace after the header content. Envoy will treat "header-value " as a different string from "header-value" so for example with the Host header "example.com " one… |
| CVE-2019-18801 | | | 0.00 | — | 0.03 | | Dec 13, 2019 | An issue was discovered in Envoy 1.12.0. An untrusted remote client may send HTTP/2 requests that write to the heap outside of the request buffers when the upstream is HTTP/1. This may be used to corrupt nearby heap contents (leading to a query-of-death scenario) or may be used… |
| CVE-2019-18836 | | | 0.00 | — | 0.02 | | Nov 11, 2019 | Envoy 1.12.0 allows a remote denial of service because of resource loops, as demonstrated by a single idle TCP connection being able to keep a worker thread in an infinite busy loop when continue_on_listener_filters_timeout is used. |
| CVE-2019-9901 | | | 0.00 | — | 0.03 | | Apr 25, 2019 | Envoy 1.9.0 and before does not normalize HTTP URL paths. A remote attacker may craft a relative path, e.g., something/../admin, to bypass access control, e.g., a block on /admin. A backend server could then interpret the non-normalized path and provide an attacker access beyond… |
| CVE-2019-9900 | | | 0.00 | — | 0.04 | | Apr 25, 2019 | When parsing HTTP/1.x header values, Envoy 1.9.0 and before does not reject embedded zero characters (NUL, ASCII 0x0). This allows remote attackers crafting header values containing embedded NUL characters to potentially bypass header matching rules, gaining access to… |