PT-2020-13164 · Envoy · Envoy

Antonio Vicente · Published 2020-07-01 · Updated 2024-03-06 · CVE-2020-12605

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Envoy versions 1.14.2, 1.13.2, 1.12.4 or earlier

Description

The issue is related to excessive memory consumption when processing HTTP/1.1 headers with long field names or requests with long URLs.

Recommendations

For Envoy versions 1.14.2, 1.13.2, 1.12.4 or earlier, consider restricting the length of HTTP/1.1 headers and URLs to minimize the risk of excessive memory consumption. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Allocation of Resources Without Limits

Weakness Enumeration

Related Identifiers

BIT-ENVOY-2020-12605
CVE-2020-12605
GHSA-FJXC-JJ43-F777
OPENSUSE-SU-2022:0065-1
RHSA-2020:2798
RHSA-2020:2864

Affected Products

Envoy