Published: 09/10/2019 Updated: 17/10/2019

CVSS v2 Base Score: 7.8 | Impact Score: 6.9 | Exploitability Score: 10

CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9

VMScore: 694

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Upon receiving each incoming request header data, Envoy will iterate over existing request headers to verify that the total size of the headers stays below a maximum limit. The implementation in versions 1.10.0 up to and including 1.11.1 for HTTP/1.x traffic and all versions of Envoy for HTTP/2 traffic had O(n^2) performance characteristics. A remote attacker may craft a request that stays below the maximum request header size but consists of many thousands of small headers to consume CPU and result in a denial-of-service attack.

Vulnerable Product	Search on Vulmon	Subscribe to Product
envoyproxy envoy 1.0.0
envoyproxy envoy 1.1.0
envoyproxy envoy 1.2.0
envoyproxy envoy 1.4.0
envoyproxy envoy 1.6.0
envoyproxy envoy 1.11.0
envoyproxy envoy 1.11.2
envoyproxy envoy 1.7.1
envoyproxy envoy 1.8.0
envoyproxy envoy 1.9.0
envoyproxy envoy 1.9.1
envoyproxy envoy 1.3.0
envoyproxy envoy 1.5.0
envoyproxy envoy 1.7.0
envoyproxy envoy 1.10.0
envoyproxy envoy 1.11.1

CWE-400 https://github.com/envoyproxy/envoy/commits/master https://github.com/envoyproxy/envoy/issues/8520 https://github.com/envoyproxy/envoy/commit/afc39bea36fd436e54262f150c009e8d72db5014 https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2019-15226

Vulnerability Summary

Vulnerability Trend

References

Vulmon Search

About

Products

Connect