Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
envoyproxy envoy vulnerabilities and exploits
(subscribe to this query)
445
VMScore
CVE-2020-12604
Envoy version 1.14.2, 1.13.2, 1.12.4 or earlier is susceptible to increased memory usage in the case where an HTTP/2 client requests a large payload but does not send enough window updates to consume the entire stream and does not reset the stream.
Envoyproxy Envoy
Envoyproxy Envoy 1.13.2
Envoyproxy Envoy 1.14.2
445
VMScore
CVE-2020-12603
Envoy version 1.14.2, 1.13.2, 1.12.4 or earlier may consume excessive amounts of memory when proxying HTTP/2 requests or responses with many small (i.e. 1 byte) data frames.
Envoyproxy Envoy
Envoyproxy Envoy 1.13.2
Envoyproxy Envoy 1.14.2
231
VMScore
CVE-2020-11767
Istio up to and including 1.5.1 and Envoy up to and including 1.14.1 have a data-leak issue. If there is a TCP connection (negotiated with SNI over HTTPS) to *.example.com, a request for a domain concurrently configured explicitly (e.g., abc.example.com) is sent to the server(s) ...
Envoyproxy Envoy
Istio Istio
445
VMScore
CVE-2020-8660
CNCF Envoy up to and including 1.13.0 TLS inspector bypass. TLS inspector could have been bypassed (not recognized as a TLS client) by a client using only TLS 1.3. Because TLS extensions (SNI, ALPN) were not inspected, those connections might have been matched to a wrong filter c...
Envoyproxy Envoy
668
VMScore
CVE-2019-18801
An issue exists in Envoy 1.12.0. An untrusted remote client may send HTTP/2 requests that write to the heap outside of the request buffers when the upstream is HTTP/1. This may be used to corrupt nearby heap contents (leading to a query-of-death scenario) or may be used to bypass...
Envoyproxy Envoy
668
VMScore
CVE-2019-18802
An issue exists in Envoy 1.12.0. An untrusted remote client may send an HTTP header (such as Host) with whitespace after the header content. Envoy will treat "header-value " as a different string from "header-value" so for example with the Host header "ex...
Envoyproxy Envoy
445
VMScore
CVE-2019-18838
An issue exists in Envoy 1.12.0. Upon receipt of a malformed HTTP request without a Host header, it sends an internally generated "Invalid request" response. This internally generated response is dispatched through the configured encoder filter chain before being sent t...
Envoyproxy Envoy
445
VMScore
CVE-2019-18836
Envoy 1.12.0 allows a remote denial of service because of resource loops, as demonstrated by a single idle TCP connection being able to keep a worker thread in an infinite busy loop when continue_on_listener_filters_timeout is used."
Envoyproxy Envoy 1.12.0
Istio Istio
694
VMScore
CVE-2019-15226
Upon receiving each incoming request header data, Envoy will iterate over existing request headers to verify that the total size of the headers stays below a maximum limit. The implementation in versions 1.10.0 up to and including 1.11.1 for HTTP/1.x traffic and all versions of E...
Envoyproxy Envoy 1.0.0
Envoyproxy Envoy 1.1.0
Envoyproxy Envoy 1.2.0
Envoyproxy Envoy 1.4.0
Envoyproxy Envoy 1.6.0
Envoyproxy Envoy 1.11.0
Envoyproxy Envoy 1.11.2
Envoyproxy Envoy 1.7.1
Envoyproxy Envoy 1.8.0
Envoyproxy Envoy 1.9.0
Envoyproxy Envoy 1.9.1
Envoyproxy Envoy 1.3.0
Envoyproxy Envoy 1.5.0
Envoyproxy Envoy 1.7.0
Envoyproxy Envoy 1.10.0
Envoyproxy Envoy 1.11.1
445
VMScore
CVE-2019-15225
In Envoy up to and including 1.11.1, users may configure a route to match incoming path headers via the libstdc++ regular expression implementation. A remote attacker may send a request with a very long URI to result in a denial of service (memory consumption). This is a related ...
Envoyproxy Envoy
1 Github repository
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-7073
CVE-2024-5496
CVE-2024-5495
XPath injection
bypass
CVE-2024-30043
CVE-2024-24919
denial of service
CVE-2024-35468
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »