Description
Envoy is a cloud-native, open source edge and service proxy. There is a crash at QuicheDataReader::PeekVarInt62Length(). It is caused by integer underflow in the QuicStreamSequencerBuffer::PeekRegion() implementation.
A flaw was found in Envoy's QUIC stack. This flaw allows a remote, unauthenticated attacker to trigger an abnormal process termination, causing a denial of service.
Affected packages
| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| OpenShift Service Mesh 2 | openshift-service-mesh/proxyv2-rhel8 | Will not fix | | |
| OpenShift Service Mesh 2 | servicemesh-proxy | Will not fix | | |
Additional information
Status:
Moderate
Defect:
CWE-400
https://bugzilla.redhat.com/show_bug.cgi?id=2283148 envoy: different QUIC stack DoS
EPSS
Percentile: 8%
0.00028
Low
5.9 Medium
CVSS3
Related vulnerabilities
CVSS3: 5.9
nvd
more than 1 year ago
Envoy is a cloud-native, open source edge and service proxy. There is a crash at `QuicheDataReader::PeekVarInt62Length()`. It is caused by integer underflow in the `QuicStreamSequencerBuffer::PeekRegion()` implementation.
CVSS3: 5.9
debian
more than 1 year ago
Envoy is a cloud-native, open source edge and service proxy. There is ...