Vulnerability Description
An issue was discovered in Envoy 1.12.0. Upon receipt of a malformed HTTP request without a Host header, it sends an internally generated "Invalid request" response. This internally generated response is dispatched through the configured encoder filter chain before being sent to the client. An encoder filter that invokes route manager APIs that access a request's Host header causes a NULL pointer dereference, resulting in abnormal termination of the Envoy process.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Envoyproxy | Envoy | <= 1.12.1 |
Related Weaknesses (CWE)
References
- https://blog.envoyproxy.ioProduct
- https://github.com/envoyproxy/envoy/commits/masterPatch
- https://github.com/envoyproxy/envoy/security/advisories/GHSA-f2rv-4w6x-rwhcExploitThird Party Advisory
- https://groups.google.com/forum/#%21forum/envoy-users
- https://blog.envoyproxy.ioProduct
- https://github.com/envoyproxy/envoy/commits/masterPatch
- https://github.com/envoyproxy/envoy/security/advisories/GHSA-f2rv-4w6x-rwhcExploitThird Party Advisory
- https://groups.google.com/forum/#%21forum/envoy-users
FAQ
What is CVE-2019-18838?
CVE-2019-18838 is a vulnerability with a CVSS score of 7.5 (HIGH). An issue was discovered in Envoy 1.12.0. Upon receipt of a malformed HTTP request without a Host header, it sends an internally generated "Invalid request" response. This internally generated response...
How severe is CVE-2019-18838?
CVE-2019-18838 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-18838?
Check the references section above for vendor advisories and patch information. Affected products include: Envoyproxy Envoy.