Search criteria
9 vulnerabilities found for envoy by cncf
FKIE_CVE-2020-8659
Vulnerability from fkie_nvd - Published: 2020-03-04 21:15 - Updated: 2024-11-21 05:39
Severity ?
Summary
CNCF Envoy through 1.13.0 may consume excessive amounts of memory when proxying HTTP/1.1 requests or responses with many small (i.e. 1 byte) chunks.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | https://access.redhat.com/errata/RHSA-2020:0734 | Third Party Advisory | |
| cve@mitre.org | https://github.com/envoyproxy/envoy/security/advisories/GHSA-jwcm-4pwp-c2qv | Third Party Advisory | |
| cve@mitre.org | https://lists.debian.org/debian-lts-announce/2022/05/msg00025.html | Mailing List, Third Party Advisory | |
| cve@mitre.org | https://www.envoyproxy.io/docs/envoy/v1.13.1/intro/version_history | Release Notes, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2020:0734 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/envoyproxy/envoy/security/advisories/GHSA-jwcm-4pwp-c2qv | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2022/05/msg00025.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.envoyproxy.io/docs/envoy/v1.13.1/intro/version_history | Release Notes, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cncf | envoy | * | |
| redhat | openshift_service_mesh | 1.0 | |
| debian | debian_linux | 9.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cncf:envoy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F6EEB31-7DC7-4778-8EB5-B4C6E0CC2ED1",
"versionEndIncluding": "1.13.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:openshift_service_mesh:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "732F14CE-7994-4DD2-A28B-AE9E79826C01",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "CNCF Envoy through 1.13.0 may consume excessive amounts of memory when proxying HTTP/1.1 requests or responses with many small (i.e. 1 byte) chunks."
},
{
"lang": "es",
"value": "CNCF Envoy versiones hasta 1.13.0, puede consumir cantidades excesivas de memoria cuando se hace proxy a peticiones o respuestas HTTP/1.1 con muchos fragmentos peque\u00f1os (es decir, 1 byte)."
}
],
"id": "CVE-2020-8659",
"lastModified": "2024-11-21T05:39:12.880",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-03-04T21:15:11.340",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0734"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-jwcm-4pwp-c2qv"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00025.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://www.envoyproxy.io/docs/envoy/v1.13.1/intro/version_history"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0734"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-jwcm-4pwp-c2qv"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00025.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://www.envoyproxy.io/docs/envoy/v1.13.1/intro/version_history"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-770"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2020-8661
Vulnerability from fkie_nvd - Published: 2020-03-04 21:15 - Updated: 2024-11-21 05:39
Severity ?
Summary
CNCF Envoy through 1.13.0 may consume excessive amounts of memory when responding internally to pipelined requests.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | https://access.redhat.com/errata/RHSA-2020:0734 | Release Notes, Third Party Advisory | |
| cve@mitre.org | https://github.com/envoyproxy/envoy/security/advisories/GHSA-36cq-ww7h-p4j7 | Third Party Advisory | |
| cve@mitre.org | https://www.envoyproxy.io/docs/envoy/v1.13.1/intro/version_history | Release Notes, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2020:0734 | Release Notes, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/envoyproxy/envoy/security/advisories/GHSA-36cq-ww7h-p4j7 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.envoyproxy.io/docs/envoy/v1.13.1/intro/version_history | Release Notes, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cncf | envoy | * | |
| redhat | openshift_service_mesh | 1.0.9 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cncf:envoy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F6EEB31-7DC7-4778-8EB5-B4C6E0CC2ED1",
"versionEndIncluding": "1.13.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:openshift_service_mesh:1.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "9B3B0F0C-157A-46A4-AE24-6E14E074A377",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "CNCF Envoy through 1.13.0 may consume excessive amounts of memory when responding internally to pipelined requests."
},
{
"lang": "es",
"value": "CNCF Envoy versiones hasta 1.13.0, puede consumir cantidades excesivas de memoria cuando responde internamente a peticiones en tuber\u00edas \"pipelined\"."
}
],
"id": "CVE-2020-8661",
"lastModified": "2024-11-21T05:39:13.137",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-03-04T21:15:11.433",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0734"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-36cq-ww7h-p4j7"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://www.envoyproxy.io/docs/envoy/v1.13.1/intro/version_history"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0734"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-36cq-ww7h-p4j7"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://www.envoyproxy.io/docs/envoy/v1.13.1/intro/version_history"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2020-8664
Vulnerability from fkie_nvd - Published: 2020-03-04 21:15 - Updated: 2024-11-21 05:39
Severity ?
Summary
CNCF Envoy through 1.13.0 has incorrect Access Control when using SDS with Combined Validation Context. Using the same secret (e.g. trusted CA) across many resources together with the combined validation context could lead to the “static” part of the validation context to be not applied, even though it was visible in the active config dump.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | https://access.redhat.com/errata/RHSA-2020:0734 | Third Party Advisory | |
| cve@mitre.org | https://github.com/envoyproxy/envoy/security/advisories/GHSA-3x9m-pgmg-xpx8 | Third Party Advisory | |
| cve@mitre.org | https://www.envoyproxy.io/docs/envoy/v1.13.1/intro/version_history | Release Notes, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2020:0734 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/envoyproxy/envoy/security/advisories/GHSA-3x9m-pgmg-xpx8 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.envoyproxy.io/docs/envoy/v1.13.1/intro/version_history | Release Notes, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cncf:envoy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F6EEB31-7DC7-4778-8EB5-B4C6E0CC2ED1",
"versionEndIncluding": "1.13.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "CNCF Envoy through 1.13.0 has incorrect Access Control when using SDS with Combined Validation Context. Using the same secret (e.g. trusted CA) across many resources together with the combined validation context could lead to the \u201cstatic\u201d part of the validation context to be not applied, even though it was visible in the active config dump."
},
{
"lang": "es",
"value": "CNCF Envoy versiones hasta 1.13.0, presenta un Control de Acceso incorrecto cuando se usa SDS con Contexto de Comprobaci\u00f3n Combinada. Al utilizar el mismo secreto (por ejemplo, CA de confianza) a trav\u00e9s de muchos recursos junto con el contexto de comprobaci\u00f3n combinado podr\u00eda conllevar a que la parte \u201cstatic\u201d del contexto de comprobaci\u00f3n no sea aplicada, a\u00fan y cuando fuera visible en el volcado de la configuraci\u00f3n activa."
}
],
"id": "CVE-2020-8664",
"lastModified": "2024-11-21T05:39:13.427",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-03-04T21:15:11.497",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0734"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-3x9m-pgmg-xpx8"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://www.envoyproxy.io/docs/envoy/v1.13.1/intro/version_history"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0734"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-3x9m-pgmg-xpx8"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://www.envoyproxy.io/docs/envoy/v1.13.1/intro/version_history"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2020-8664 (GCVE-0-2020-8664)
Vulnerability from cvelistv5 – Published: 2020-03-04 20:53 – Updated: 2024-08-04 10:03
VLAI?
Summary
CNCF Envoy through 1.13.0 has incorrect Access Control when using SDS with Combined Validation Context. Using the same secret (e.g. trusted CA) across many resources together with the combined validation context could lead to the “static” part of the validation context to be not applied, even though it was visible in the active config dump.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:03:46.365Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.envoyproxy.io/docs/envoy/v1.13.1/intro/version_history"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-3x9m-pgmg-xpx8"
},
{
"name": "RHSA-2020:0734",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0734"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "CNCF Envoy through 1.13.0 has incorrect Access Control when using SDS with Combined Validation Context. Using the same secret (e.g. trusted CA) across many resources together with the combined validation context could lead to the \u201cstatic\u201d part of the validation context to be not applied, even though it was visible in the active config dump."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-11T11:06:33",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.envoyproxy.io/docs/envoy/v1.13.1/intro/version_history"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-3x9m-pgmg-xpx8"
},
{
"name": "RHSA-2020:0734",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0734"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-8664",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "CNCF Envoy through 1.13.0 has incorrect Access Control when using SDS with Combined Validation Context. Using the same secret (e.g. trusted CA) across many resources together with the combined validation context could lead to the \u201cstatic\u201d part of the validation context to be not applied, even though it was visible in the active config dump."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.envoyproxy.io/docs/envoy/v1.13.1/intro/version_history",
"refsource": "CONFIRM",
"url": "https://www.envoyproxy.io/docs/envoy/v1.13.1/intro/version_history"
},
{
"name": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-3x9m-pgmg-xpx8",
"refsource": "MISC",
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-3x9m-pgmg-xpx8"
},
{
"name": "RHSA-2020:0734",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2020:0734"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-8664",
"datePublished": "2020-03-04T20:53:13",
"dateReserved": "2020-02-06T00:00:00",
"dateUpdated": "2024-08-04T10:03:46.365Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-8661 (GCVE-0-2020-8661)
Vulnerability from cvelistv5 – Published: 2020-03-04 20:48 – Updated: 2024-08-04 10:03
VLAI?
Summary
CNCF Envoy through 1.13.0 may consume excessive amounts of memory when responding internally to pipelined requests.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:03:46.322Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.envoyproxy.io/docs/envoy/v1.13.1/intro/version_history"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-36cq-ww7h-p4j7"
},
{
"name": "RHSA-2020:0734",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0734"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "CNCF Envoy through 1.13.0 may consume excessive amounts of memory when responding internally to pipelined requests."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-11T11:06:32",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.envoyproxy.io/docs/envoy/v1.13.1/intro/version_history"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-36cq-ww7h-p4j7"
},
{
"name": "RHSA-2020:0734",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0734"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-8661",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "CNCF Envoy through 1.13.0 may consume excessive amounts of memory when responding internally to pipelined requests."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.envoyproxy.io/docs/envoy/v1.13.1/intro/version_history",
"refsource": "CONFIRM",
"url": "https://www.envoyproxy.io/docs/envoy/v1.13.1/intro/version_history"
},
{
"name": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-36cq-ww7h-p4j7",
"refsource": "MISC",
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-36cq-ww7h-p4j7"
},
{
"name": "RHSA-2020:0734",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2020:0734"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-8661",
"datePublished": "2020-03-04T20:48:16",
"dateReserved": "2020-02-06T00:00:00",
"dateUpdated": "2024-08-04T10:03:46.322Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-8659 (GCVE-0-2020-8659)
Vulnerability from cvelistv5 – Published: 2020-03-04 20:43 – Updated: 2024-08-04 10:03
VLAI?
Summary
CNCF Envoy through 1.13.0 may consume excessive amounts of memory when proxying HTTP/1.1 requests or responses with many small (i.e. 1 byte) chunks.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:03:46.378Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.envoyproxy.io/docs/envoy/v1.13.1/intro/version_history"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-jwcm-4pwp-c2qv"
},
{
"name": "RHSA-2020:0734",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0734"
},
{
"name": "[debian-lts-announce] 20220518 [SECURITY] [DLA 3014-1] elog security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00025.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "CNCF Envoy through 1.13.0 may consume excessive amounts of memory when proxying HTTP/1.1 requests or responses with many small (i.e. 1 byte) chunks."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-18T13:06:17",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.envoyproxy.io/docs/envoy/v1.13.1/intro/version_history"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-jwcm-4pwp-c2qv"
},
{
"name": "RHSA-2020:0734",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0734"
},
{
"name": "[debian-lts-announce] 20220518 [SECURITY] [DLA 3014-1] elog security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00025.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-8659",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "CNCF Envoy through 1.13.0 may consume excessive amounts of memory when proxying HTTP/1.1 requests or responses with many small (i.e. 1 byte) chunks."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.envoyproxy.io/docs/envoy/v1.13.1/intro/version_history",
"refsource": "CONFIRM",
"url": "https://www.envoyproxy.io/docs/envoy/v1.13.1/intro/version_history"
},
{
"name": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-jwcm-4pwp-c2qv",
"refsource": "MISC",
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-jwcm-4pwp-c2qv"
},
{
"name": "RHSA-2020:0734",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2020:0734"
},
{
"name": "[debian-lts-announce] 20220518 [SECURITY] [DLA 3014-1] elog security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00025.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-8659",
"datePublished": "2020-03-04T20:43:55",
"dateReserved": "2020-02-06T00:00:00",
"dateUpdated": "2024-08-04T10:03:46.378Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-8664 (GCVE-0-2020-8664)
Vulnerability from nvd – Published: 2020-03-04 20:53 – Updated: 2024-08-04 10:03
VLAI?
Summary
CNCF Envoy through 1.13.0 has incorrect Access Control when using SDS with Combined Validation Context. Using the same secret (e.g. trusted CA) across many resources together with the combined validation context could lead to the “static” part of the validation context to be not applied, even though it was visible in the active config dump.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:03:46.365Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.envoyproxy.io/docs/envoy/v1.13.1/intro/version_history"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-3x9m-pgmg-xpx8"
},
{
"name": "RHSA-2020:0734",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0734"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "CNCF Envoy through 1.13.0 has incorrect Access Control when using SDS with Combined Validation Context. Using the same secret (e.g. trusted CA) across many resources together with the combined validation context could lead to the \u201cstatic\u201d part of the validation context to be not applied, even though it was visible in the active config dump."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-11T11:06:33",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.envoyproxy.io/docs/envoy/v1.13.1/intro/version_history"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-3x9m-pgmg-xpx8"
},
{
"name": "RHSA-2020:0734",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0734"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-8664",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "CNCF Envoy through 1.13.0 has incorrect Access Control when using SDS with Combined Validation Context. Using the same secret (e.g. trusted CA) across many resources together with the combined validation context could lead to the \u201cstatic\u201d part of the validation context to be not applied, even though it was visible in the active config dump."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.envoyproxy.io/docs/envoy/v1.13.1/intro/version_history",
"refsource": "CONFIRM",
"url": "https://www.envoyproxy.io/docs/envoy/v1.13.1/intro/version_history"
},
{
"name": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-3x9m-pgmg-xpx8",
"refsource": "MISC",
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-3x9m-pgmg-xpx8"
},
{
"name": "RHSA-2020:0734",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2020:0734"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-8664",
"datePublished": "2020-03-04T20:53:13",
"dateReserved": "2020-02-06T00:00:00",
"dateUpdated": "2024-08-04T10:03:46.365Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-8661 (GCVE-0-2020-8661)
Vulnerability from nvd – Published: 2020-03-04 20:48 – Updated: 2024-08-04 10:03
VLAI?
Summary
CNCF Envoy through 1.13.0 may consume excessive amounts of memory when responding internally to pipelined requests.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:03:46.322Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.envoyproxy.io/docs/envoy/v1.13.1/intro/version_history"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-36cq-ww7h-p4j7"
},
{
"name": "RHSA-2020:0734",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0734"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "CNCF Envoy through 1.13.0 may consume excessive amounts of memory when responding internally to pipelined requests."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-11T11:06:32",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.envoyproxy.io/docs/envoy/v1.13.1/intro/version_history"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-36cq-ww7h-p4j7"
},
{
"name": "RHSA-2020:0734",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0734"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-8661",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "CNCF Envoy through 1.13.0 may consume excessive amounts of memory when responding internally to pipelined requests."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.envoyproxy.io/docs/envoy/v1.13.1/intro/version_history",
"refsource": "CONFIRM",
"url": "https://www.envoyproxy.io/docs/envoy/v1.13.1/intro/version_history"
},
{
"name": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-36cq-ww7h-p4j7",
"refsource": "MISC",
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-36cq-ww7h-p4j7"
},
{
"name": "RHSA-2020:0734",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2020:0734"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-8661",
"datePublished": "2020-03-04T20:48:16",
"dateReserved": "2020-02-06T00:00:00",
"dateUpdated": "2024-08-04T10:03:46.322Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-8659 (GCVE-0-2020-8659)
Vulnerability from nvd – Published: 2020-03-04 20:43 – Updated: 2024-08-04 10:03
VLAI?
Summary
CNCF Envoy through 1.13.0 may consume excessive amounts of memory when proxying HTTP/1.1 requests or responses with many small (i.e. 1 byte) chunks.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:03:46.378Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.envoyproxy.io/docs/envoy/v1.13.1/intro/version_history"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-jwcm-4pwp-c2qv"
},
{
"name": "RHSA-2020:0734",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0734"
},
{
"name": "[debian-lts-announce] 20220518 [SECURITY] [DLA 3014-1] elog security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00025.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "CNCF Envoy through 1.13.0 may consume excessive amounts of memory when proxying HTTP/1.1 requests or responses with many small (i.e. 1 byte) chunks."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-18T13:06:17",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.envoyproxy.io/docs/envoy/v1.13.1/intro/version_history"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-jwcm-4pwp-c2qv"
},
{
"name": "RHSA-2020:0734",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0734"
},
{
"name": "[debian-lts-announce] 20220518 [SECURITY] [DLA 3014-1] elog security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00025.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-8659",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "CNCF Envoy through 1.13.0 may consume excessive amounts of memory when proxying HTTP/1.1 requests or responses with many small (i.e. 1 byte) chunks."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.envoyproxy.io/docs/envoy/v1.13.1/intro/version_history",
"refsource": "CONFIRM",
"url": "https://www.envoyproxy.io/docs/envoy/v1.13.1/intro/version_history"
},
{
"name": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-jwcm-4pwp-c2qv",
"refsource": "MISC",
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-jwcm-4pwp-c2qv"
},
{
"name": "RHSA-2020:0734",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2020:0734"
},
{
"name": "[debian-lts-announce] 20220518 [SECURITY] [DLA 3014-1] elog security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00025.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-8659",
"datePublished": "2020-03-04T20:43:55",
"dateReserved": "2020-02-06T00:00:00",
"dateUpdated": "2024-08-04T10:03:46.378Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}