Vulnerability Information
Vulnerability Title
Envoy allows large requests and responses to cause TCP connection pool crash
Vulnerability Description
Envoy is a cloud-native, open source edge and service proxy. Prior to 1.36.1, 1.35.5, 1.34.9, and 1.33.10, large requests and responses can potentially trigger TCP connection pool crashes due to flow control management in Envoy. This happens when the connection is closing but upstream data is still arriving, resulting in a buffer watermark callback nullptr reference. The vulnerability impacts TCP proxy and HTTP 1 & 2 mixed use cases based on ALPN. This vulnerability is fixed in 1.36.1, 1.35.5, 1.34.9, and 1.33.10.
CVSS Information
N/A
Vulnerability Type
NULL pointer dereference
Vulnerability Title
Envoy security vulnerability
Vulnerability Description
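Envoy is an open-source gateway program from Enphase for connecting smart home devices. Envoy versions prior to 1.36.1, 1.35.5, 1.34.9, and 1.33.10 contain a security vulnerability that stems from improper flow control management and may cause TCP connection pool crashes.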
CVSS Information
N/A
Vulnerability Type
N/A