CVE-2021-29258

Опубликовано: 15 апр. 2021

Источник: redhat

CVSS3: 7.5

Описание

An issue was discovered in Envoy 1.14.0. There is a remotely exploitable crash for HTTP2 Metadata, because an empty METADATA map triggers a Reachable Assertion.

A flaw was found in envoyproxy. An attacker, able to craft an HTTP2 request that specifies an empty metadata map, can crash envoy resulting in a denial of service due to the null reference. The highest threat from this vulnerability is to system availability.

Ссылки на источники

Дополнительная информация

Статус:

Important

Дефект:

CWE-476

https://bugzilla.redhat.com/show_bug.cgi?id=1942280envoyproxy/envoy: crash with empty HTTP/2 metadata map

7.5 High

CVSS3

Связанные уязвимости

CVE-2021-29258

CVSS3: 7.5

nvd

больше 4 лет назад

An issue was discovered in Envoy 1.14.0. There is a remotely exploitable crash for HTTP2 Metadata, because an empty METADATA map triggers a Reachable Assertion.

CVE-2021-29258

CVSS3: 7.5

debian

больше 4 лет назад

An issue was discovered in Envoy 1.14.0. There is a remotely exploitab ...

ELSA-2021-9399

oracle-oval

больше 4 лет назад

ELSA-2021-9399: olcne security update (IMPORTANT)

ELSA-2021-9398

oracle-oval

больше 4 лет назад

ELSA-2021-9398: olcne security update (IMPORTANT)

ELSA-2021-9397

oracle-oval

больше 4 лет назад

ELSA-2021-9397: olcne security update (IMPORTANT)

7.5 High

CVSS3