Description
An issue was discovered in Envoy through 1.71.1. There is a remotely exploitable integer overflow in which a very large grpc-timeout value leads to unexpected timeout calculations.
A flaw was found in envoyproxy/envoy. An attacker able to craft a packet that specifies a large grpc-timeout can potentially cause Envoy to incorrectly calculate the timeouts, resulting in a denial of service. The highest threat from this vulnerability is to system availability.
Additional information
Status:
Important
Weakness:
CWE-190
https://bugzilla.redhat.com/show_bug.cgi?id=1942272 envoyproxy/envoy: integer overflow handling large grpc-timeouts
7.5 High
CVSS3
Related vulnerabilities
CVSS3: 7.5
nvd
more than 4 years ago
An issue was discovered in Envoy through 1.71.1. There is a remotely exploitable integer overflow in which a very large grpc-timeout value leads to unexpected timeout calculations.
CVSS3: 7.5
debian
more than 4 years ago
An issue was discovered in Envoy through 1.71.1. There is a remotely e ...