Note:
This project will be discontinued after December 13, 2021. [more]
2019-08-19
In Envoy through 1.11.1, users may configure a route to match incoming path headers via the libstdc++ regular expression implementation. A remote attacker may send a request with a very long URI to result in a denial of service (memory consumption). This is a related issue to CVE-2019-14993.
| Products | Envoy |
| Type | Uncontrolled Resource Consumption (CWE-400) |
| First patch | - None (likely due to unavailable code) |
| Links | https://github.com/envoyproxy/envoy/issues/7728 |