An out-of-bounds memory read vulnerability was found in envoyproxy/envoy. When using one of the following envoy extensions, it is possible to modify and increase the request or response body size of the following: the decompressor, json-transcoder, grpc-web, or other proprietary extensions. This flaw allows an malicious user to read invalid memory and cause envoy to crash, resulting in a denial of service. The highest threat from this vulnerability is to system availability.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
envoyproxy envoy 1.19.0 |
||
envoyproxy envoy |