Description
Envoy master between 2d69e30 and 3b5acb2 may fail to parse request URL that requires host canonicalization.
A flaw was found in Envoy. An attacker can craft an HTTP request that uses an Internationalized Domain Name (IDN) as the host component, resulting in an attempt to convert the host name (from Unicode to ASCII), potentially causing a segfault. The highest threat from this vulnerability is to system availability.
Affected packages
| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| OpenShift Service Mesh 1 | servicemesh-proxy | Not affected | | |
Additional information
Status: Important
Defect: CWE-476
https://bugzilla.redhat.com/show_bug.cgi?id=1877605 envoyproxy/envoy: Null pointer dereference in URL parsing
7.5 High
CVSS3
Related vulnerabilities
CVSS3: 7.5
nvd
more than 5 years ago
Envoy master between 2d69e30 and 3b5acb2 may fail to parse request URL that requires host canonicalization.
CVSS3: 7.5
debian
more than 5 years ago
Envoy master between 2d69e30 and 3b5acb2 may fail to parse request URL ...
7.5 High
CVSS3