Vulnerability Description
An issue was discovered in Envoy 1.12.0. An untrusted remote client may send HTTP/2 requests that write to the heap outside of the request buffers when the upstream is HTTP/1. This may be used to corrupt nearby heap contents (leading to a query-of-death scenario) or may be used to bypass Envoy's access control mechanisms such as path based routing. An attacker can also modify requests from other users that happen to be proximal temporally and spatially.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Envoyproxy | Envoy | <= 1.12.1 |
Related Weaknesses (CWE)
References
- https://access.redhat.com/errata/RHSA-2019:4222Third Party Advisory
- https://blog.envoyproxy.ioProduct
- https://github.com/envoyproxy/envoy/commits/masterPatch
- https://github.com/envoyproxy/envoy/security/advisories/GHSA-gxvv-x4p2-rpppExploitThird Party Advisory
- https://groups.google.com/forum/#%21forum/envoy-users
- https://access.redhat.com/errata/RHSA-2019:4222Third Party Advisory
- https://blog.envoyproxy.ioProduct
- https://github.com/envoyproxy/envoy/commits/masterPatch
- https://github.com/envoyproxy/envoy/security/advisories/GHSA-gxvv-x4p2-rpppExploitThird Party Advisory
- https://groups.google.com/forum/#%21forum/envoy-users
FAQ
What is CVE-2019-18801?
CVE-2019-18801 is a vulnerability with a CVSS score of 9.8 (CRITICAL). An issue was discovered in Envoy 1.12.0. An untrusted remote client may send HTTP/2 requests that write to the heap outside of the request buffers when the upstream is HTTP/1. This may be used to corr...
How severe is CVE-2019-18801?
CVE-2019-18801 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2019-18801?
Check the references section above for vendor advisories and patch information. Affected products include: Envoyproxy Envoy.