Vulnerability Details: CVE-2019-18801
An issue was discovered in Envoy 1.12.0. An untrusted remote client may send HTTP/2 requests that write to the heap outside of the request buffers when the upstream is HTTP/1. This may be used to corrupt nearby heap contents (leading to a query-of-death scenario) or may be used to bypass Envoy's access control mechanisms such as path based routing. An attacker can also modify requests from other users that happen to be proximal temporally and spatially.
Vulnerability category: Memory Corruption
Products affected by CVE-2019-18801
- cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2019-18801
- EPSS score: 0.44% (probability of exploitation activity in the next 30 days)
- Percentile: ~72% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2019-18801
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P | 10.0 | 6.4 | NIST | |
9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 | NIST | |
CWE ids for CVE-2019-18801
- The product writes data past the end, or before the beginning, of the intended buffer. Assigned by: nvd@nist.gov (Primary)
References for CVE-2019-18801
- https://github.com/envoyproxy/envoy/security/advisories/GHSA-gxvv-x4p2-rppp
  Heap overflow via :method header · Advisory · envoyproxy/envoy · GitHub (Exploit; Third Party Advisory)
- https://blog.envoyproxy.io
  Envoy Proxy (Product)
- https://groups.google.com/forum/#!forum/envoy-users
  envoy-users - Google Groups (Third Party Advisory)
- https://access.redhat.com/errata/RHSA-2019:4222
  RHSA-2019:4222 - Security Advisory - Red Hat Customer Portal (Third Party Advisory)
- https://github.com/envoyproxy/envoy/commits/master
  Commits · envoyproxy/envoy · GitHub (Patch)