CVE-2020-35471

Опубликовано: 20 нояб. 2020

Источник: redhat

CVSS3: 7.5

Описание

Envoy before 1.16.1 mishandles dropped and truncated datagrams, as demonstrated by a segmentation fault for a UDP packet size larger than 1500.

A NULL pointer dereference vulnerability was found in Envoy. During the handling of truncated or dropped UDP datagrams, this flaw allows an attacker to specify the length of the packet to be larger than 1500 bytes and cause the envoy proxy process to segfault, resulting in a denial of service. The highest threat from this vulnerability is to system availability.

Отчет

While OpenShift ServiceMesh (OSSM) does package a vulnerable version of Envoy, it does not implement the UDP proxy in Envoy. Therefore, it has been assessed with a Low impact, Wontfix, and may be addressed in a future release.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
OpenShift Service Mesh 1	servicemesh-proxy	Will not fix
OpenShift Service Mesh 2.0	servicemesh-proxy	Will not fix

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Important

Дефект:

CWE-476

https://bugzilla.redhat.com/show_bug.cgi?id=1907804envoy: mishandling dropped and truncated datagrams leads to segfault and DoS

7.5 High

CVSS3

Связанные уязвимости

CVE-2020-35471

CVSS3: 7.5

nvd

около 5 лет назад

Envoy before 1.16.1 mishandles dropped and truncated datagrams, as demonstrated by a segmentation fault for a UDP packet size larger than 1500.

CVE-2020-35471

CVSS3: 7.5

debian

около 5 лет назад

Envoy before 1.16.1 mishandles dropped and truncated datagrams, as dem ...

GHSA-vc66-g998-2h5p

github

больше 3 лет назад

Envoy before 1.16.1 mishandles dropped and truncated datagrams, as demonstrated by a segmentation fault for a UDP packet size larger than 1500.

openSUSE-SU-2022:0065-1

suse-cvrf

почти 4 года назад

Security update for envoy-proxy

7.5 High

CVSS3