PT-2019-14022 · Envoy · Envoy
Skambashi
·
Published
2019-08-19
·
Updated
2020-08-24
·
CVE-2019-15225
CVSS v3.1
7.5
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
Envoy versions prior to 1.11.1
Description
A denial of service issue exists due to the libstdc++ regular expression implementation. A remote attacker can send a request with a very long URI, resulting in excessive memory consumption.
Recommendations
For versions prior to 1.11.1, update to a version that contains a fix for this issue to prevent denial of service attacks.
Exploit
Fix
DoS
Allocation of Resources Without Limits
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Envoy