Veracode Vulnerability DatabaseVERACODE:41790Denial Of Service (DoS)
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
EPSS
Percentile
31.1%
github.com/envoyproxy/envoy is vulnerable to Denial of Service (DoS) attacks. When the listener is exhausted, gRPC access logs utilizing its global scope may result in a use-after-free, which allows an authenticated attacker to cause an application crash via a malicious LDS upstream.
References
github.com/envoyproxy/envoy/commit/2cd3f88a1080a92d0274e73bef46f2d493cbaf5d
github.com/envoyproxy/envoy/commit/30fefeae57beb116eda38e192b42b7373e871fb9
github.com/envoyproxy/envoy/commit/7cdd48665959c9f9e3e0d28df23ea5566eb67e98
github.com/envoyproxy/envoy/commit/919deddb87a51d284ceaad3ab011898dc78b2feb
github.com/envoyproxy/envoy/security/advisories/GHSA-69vr-g55c-v2v4
Related
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
EPSS
Percentile
31.1%