In Envoy through 1.11.1, users may configure a route to match incoming path headers via the libstdc++ regular expression implementation. A remote attacker may send a request with a very long URI to result in a denial of service (memory consumption). This is a related issue to CVE-2019-14993.
References
Link | Resource |
---|---|
https://github.com/envoyproxy/envoy/issues/7728 | Exploit Third Party Advisory |
Configurations
Information
Published : 2019-08-19 16:15
Updated : 2020-08-24 10:37
NVD link : CVE-2019-15225
Mitre link : CVE-2019-15225
JSON object : View
CWE
CWE-770
Allocation of Resources Without Limits or Throttling
Products Affected
envoyproxy
- envoy