Vulnerability Details CVE-2019-18836
Envoy 1.12.0 allows a remote denial of service because of resource loops, as demonstrated by a single idle TCP connection being able to keep a worker thread in an infinite busy loop when continue_on_listener_filters_timeout is used."
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 37.3%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
References
- https://blog.envoyproxy.io
- https://github.com/envoyproxy/envoy/security/advisories/GHSA-3xvf-4396-cj46
- https://github.com/istio/istio/issues/18229
- https://groups.google.com/forum/#%21forum/envoy-users
- https://blog.envoyproxy.io
- https://github.com/envoyproxy/envoy/security/advisories/GHSA-3xvf-4396-cj46
- https://github.com/istio/istio/issues/18229
- https://groups.google.com/forum/#%21forum/envoy-users
Products affected by CVE-2019-18836
-
cpe:2.3:a:envoyproxy:envoy:1.12.0
-
cpe:2.3:a:istio:istio:1.3.0
-
cpe:2.3:a:istio:istio:1.3.1
-
cpe:2.3:a:istio:istio:1.3.2
-
cpe:2.3:a:istio:istio:1.3.3