Vulnerabilities > CVE-2019-18838 - NULL Pointer Dereference vulnerability in Envoyproxy Envoy

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
HIGH
network
low complexity
envoyproxy
CWE-476
nessus
NVD
Published: 2019-12-13
Updated: 2023-11-07

Summary

An issue was discovered in Envoy 1.12.0. Upon receipt of a malformed HTTP request without a Host header, it sends an internally generated "Invalid request" response. This internally generated response is dispatched through the configured encoder filter chain before being sent to the client. An encoder filter that invokes route manager APIs that access a request's Host header causes a NULL pointer dereference, resulting in abnormal termination of the Envoy process.

Vulnerable Configurations

Part Description Count
Application
Envoyproxy
19

Common Weakness Enumeration (CWE)

Nessus

  • NASL familyPhotonOS Local Security Checks
    NASL idPHOTONOS_PHSA-2020-2_0-0229_ENVOY.NASL
    descriptionAn update of the envoy package has been released.
    last seen2020-04-30
    modified2020-04-22
    plugin id135867
    published2020-04-22
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/135867
    titlePhoton OS 2.0: Envoy PHSA-2020-2.0-0229
  • NASL familyPhotonOS Local Security Checks
    NASL idPHOTONOS_PHSA-2020-1_0-0290_ENVOY.NASL
    descriptionAn update of the envoy package has been released.
    last seen2020-05-03
    modified2020-04-29
    plugin id136105
    published2020-04-29
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/136105
    titlePhoton OS 1.0: Envoy PHSA-2020-1.0-0290
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2019-4222.NASL
    descriptionRed Hat OpenShift Service Mesh 1.0.3. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Red Hat OpenShift Service Mesh is Red Hat
    last seen2020-06-01
    modified2020-06-02
    plugin id132031
    published2019-12-13
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/132031
    titleRHEL 8 : Red Hat OpenShift Service Mesh 1.0.3 RPMs (RHSA-2019:4222)

Redhat

rpms
  • kiali-0:v1.0.8.redhat1-1.el7
  • servicemesh-0:1.0.3-1.el8
  • servicemesh-citadel-0:1.0.3-1.el8
  • servicemesh-cni-0:1.0.3-1.el8
  • servicemesh-galley-0:1.0.3-1.el8
  • servicemesh-grafana-0:6.2.2-25.el8
  • servicemesh-grafana-prometheus-0:6.2.2-25.el8
  • servicemesh-istioctl-0:1.0.3-1.el8
  • servicemesh-mixc-0:1.0.3-1.el8
  • servicemesh-mixs-0:1.0.3-1.el8
  • servicemesh-operator-0:1.0.3-1.el8
  • servicemesh-pilot-agent-0:1.0.3-1.el8
  • servicemesh-pilot-discovery-0:1.0.3-1.el8
  • servicemesh-prometheus-0:2.7.2-26.el8
  • servicemesh-proxy-0:1.0.3-1.el8
  • servicemesh-sidecar-injector-0:1.0.3-1.el8

References