Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
An issue was discovered in Envoy 1.12.0. An untrusted remote client may send HTTP/2 requests that write to the heap outside of the request buffers when the upstream is HTTP/1. This may be used to corrupt nearby heap contents (leading to a query-of-death scenario) or may be used to bypass Envoy's access control mechanisms such as path based routing. An attacker can also modify requests from other users that happen to be proximal temporally and spatially.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Envoy 缓冲区错误漏洞
Vulnerability Description
Envoy是一款开源的分布式代理服务器。 Envoy 1.12.0版本中存在缓冲区错误漏洞,该漏洞源于程序没有正确检查边界。远程攻击者可借助特制HTTP/2请求利用该漏洞损坏堆内存的内容或绕过Envoy的访问控制机制。
CVSS Information
N/A
Vulnerability Type
N/A