FKIE_CVE-2019-18838

Vulnerability from fkie_nvd - Published: 2019-12-13 13:15 - Updated: 2024-11-21 04:33
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
An issue was discovered in Envoy 1.12.0. Upon receipt of a malformed HTTP request without a Host header, it sends an internally generated "Invalid request" response. This internally generated response is dispatched through the configured encoder filter chain before being sent to the client. An encoder filter that invokes route manager APIs that access a request's Host header causes a NULL pointer dereference, resulting in abnormal termination of the Envoy process.
References
cve@mitre.orghttps://blog.envoyproxy.ioProduct
cve@mitre.orghttps://github.com/envoyproxy/envoy/commits/masterPatch
cve@mitre.orghttps://github.com/envoyproxy/envoy/security/advisories/GHSA-f2rv-4w6x-rwhcExploit, Third Party Advisory
cve@mitre.orghttps://groups.google.com/forum/#%21forum/envoy-users
af854a3a-2127-422b-91ae-364da2661108https://blog.envoyproxy.ioProduct
af854a3a-2127-422b-91ae-364da2661108https://github.com/envoyproxy/envoy/commits/masterPatch
af854a3a-2127-422b-91ae-364da2661108https://github.com/envoyproxy/envoy/security/advisories/GHSA-f2rv-4w6x-rwhcExploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://groups.google.com/forum/#%21forum/envoy-users
Impacted products
Vendor Product Version
envoyproxy envoy *
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A9FE9447-DDAB-42A3-827A-DAB57328D902",
              "versionEndIncluding": "1.12.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in Envoy 1.12.0. Upon receipt of a malformed HTTP request without a Host header, it sends an internally generated \"Invalid request\" response. This internally generated response is dispatched through the configured encoder filter chain before being sent to the client. An encoder filter that invokes route manager APIs that access a request\u0027s Host header causes a NULL pointer dereference, resulting in abnormal termination of the Envoy process."
    },
    {
      "lang": "es",
      "value": "Se detect\u00f3 un problema en Envoy versi\u00f3n 1.12.0. Tras recibir una petici\u00f3n HTTP malformada sin un encabezado Host, se env\u00eda una respuesta \"Invalid request\" generada internamente. Esta respuesta generada internamente es enviada por medio de la cadena de filtro del codificador configurado antes de enviarse al cliente. Un filtro del codificador que invoca las API de administrador de ruta que acceden al encabezado Host de una petici\u00f3n causa una desreferencia del puntero NULL, resultando en la terminaci\u00f3n anormal del proceso de Envoy."
    }
  ],
  "id": "CVE-2019-18838",
  "lastModified": "2024-11-21T04:33:41.103",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-12-13T13:15:11.443",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Product"
      ],
      "url": "https://blog.envoyproxy.io"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/envoyproxy/envoy/commits/master"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-f2rv-4w6x-rwhc"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://groups.google.com/forum/#%21forum/envoy-users"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Product"
      ],
      "url": "https://blog.envoyproxy.io"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/envoyproxy/envoy/commits/master"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-f2rv-4w6x-rwhc"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://groups.google.com/forum/#%21forum/envoy-users"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-476"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.