CVE-2019-18836

Name of the Vulnerable Software and Affected Versions Envoy version 1.12.0

Description The issue is related to a remote denial of service caused by resource loops. This can be triggered by a single idle TCP connection, which can keep a worker thread in an infinite busy loop when continue on listener filters timeout is used. The vulnerability can be exploited by providing specific input, allowing an attacker to cause a denial of service.

Recommendations For Envoy version 1.12.0, consider disabling the use of continue on listener filters timeout to prevent the worker thread from entering an infinite busy loop as a temporary workaround. Restrict access to the affected module to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.