Vulnerability Details : CVE-2019-18838
An issue was discovered in Envoy 1.12.0. Upon receipt of a malformed HTTP request without a Host header, it sends an internally generated "Invalid request" response. This internally generated response is dispatched through the configured encoder filter chain before being sent to the client. An encoder filter that invokes route manager APIs that access a request's Host header causes a NULL pointer dereference, resulting in abnormal termination of the Envoy process.
Vulnerability category: Memory Corruption
Products affected by CVE-2019-18838
- cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2019-18838
- EPSS score: 0.40% (probability of exploitation activity in the next 30 days)
- Percentile: ~70% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2019-18838
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P | 10.0 | 2.9 | NIST | |
7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 | NIST | |
CWE ids for CVE-2019-18838
- The product dereferences a pointer that it expects to be valid but is NULL. Assigned by: nvd@nist.gov (Primary)
References for CVE-2019-18838
- https://github.com/envoyproxy/envoy/security/advisories/GHSA-f2rv-4w6x-rwhc : DoS via request without the Host header · Advisory · envoyproxy/envoy · GitHub (Exploit; Third Party Advisory)
- https://blog.envoyproxy.io : Envoy Proxy (Product)
- https://groups.google.com/forum/#!forum/envoy-users : envoy-users - Google Groups (Mailing List; Third Party Advisory)
- https://github.com/envoyproxy/envoy/commits/master : Commits · envoyproxy/envoy · GitHub (Patch)