Vulnerabilities > CVE-2019-18836 - Infinite Loop vulnerability in multiple products

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

network

low complexity

envoyproxy

istio

CWE-835

nessus

NVD

Published: 2019-11-11

Updated: 2023-11-07

Summary

Envoy 1.12.0 allows a remote denial of service because of resource loops, as demonstrated by a single idle TCP connection being able to keep a worker thread in an infinite busy loop when continue_on_listener_filters_timeout is used."

Vulnerable Configurations

Part	Description	Count
Application	Envoyproxy Envoyproxy Envoy 1.12.0	1
Application	Istio Istio Istio 1.3.0 Istio Istio 1.3.1 Istio Istio 1.3.2 Istio Istio 1.3.3	9

Common Weakness Enumeration (CWE)

CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Nessus

NASL family	PhotonOS Local Security Checks
NASL id	PHOTONOS_PHSA-2020-2_0-0229_ENVOY.NASL
description	An update of the envoy package has been released.
last seen	2020-04-30
modified	2020-04-22
plugin id	135867
published	2020-04-22
reporter	This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/135867
title	Photon OS 2.0: Envoy PHSA-2020-2.0-0229

NASL family	PhotonOS Local Security Checks
NASL id	PHOTONOS_PHSA-2020-1_0-0290_ENVOY.NASL
description	An update of the envoy package has been released.
last seen	2020-05-03
modified	2020-04-29
plugin id	136105
published	2020-04-29
reporter	This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/136105
title	Photon OS 1.0: Envoy PHSA-2020-1.0-0290

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Nessus

References