Vulnerability Details CVE-2020-12605
Envoy version 1.14.2, 1.13.2, 1.12.4 or earlier may consume excessive amounts of memory when processing HTTP/1.1 headers with long field names or requests with long URLs.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.006
EPSS Ranking 68.5%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
References
Products affected by CVE-2020-12605
-
cpe:2.3:a:envoyproxy:envoy:-
-
cpe:2.3:a:envoyproxy:envoy:1.0.0
-
cpe:2.3:a:envoyproxy:envoy:1.1.0
-
cpe:2.3:a:envoyproxy:envoy:1.10.0
-
cpe:2.3:a:envoyproxy:envoy:1.11.0
-
cpe:2.3:a:envoyproxy:envoy:1.11.1
-
cpe:2.3:a:envoyproxy:envoy:1.11.2
-
cpe:2.3:a:envoyproxy:envoy:1.12.0
-
cpe:2.3:a:envoyproxy:envoy:1.12.1
-
cpe:2.3:a:envoyproxy:envoy:1.12.2
-
cpe:2.3:a:envoyproxy:envoy:1.12.3
-
cpe:2.3:a:envoyproxy:envoy:1.12.4
-
cpe:2.3:a:envoyproxy:envoy:1.13.2
-
cpe:2.3:a:envoyproxy:envoy:1.14.2
-
cpe:2.3:a:envoyproxy:envoy:1.2.0
-
cpe:2.3:a:envoyproxy:envoy:1.3.0
-
cpe:2.3:a:envoyproxy:envoy:1.4.0
-
cpe:2.3:a:envoyproxy:envoy:1.5.0
-
cpe:2.3:a:envoyproxy:envoy:1.6.0
-
cpe:2.3:a:envoyproxy:envoy:1.7.0
-
cpe:2.3:a:envoyproxy:envoy:1.7.1
-
cpe:2.3:a:envoyproxy:envoy:1.8.0
-
cpe:2.3:a:envoyproxy:envoy:1.9.0
-
cpe:2.3:a:envoyproxy:envoy:1.9.1