Vulnerabilities > Envoyproxy
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-12-15 | CVE-2020-35471 | Unspecified vulnerability in Envoyproxy Envoy Envoy before 1.16.1 mishandles dropped and truncated datagrams, as demonstrated by a segmentation fault for a UDP packet size larger than 1500. | 5.0 |
| 2020-12-15 | CVE-2020-35470 | Unspecified vulnerability in Envoyproxy Envoy Envoy before 1.16.1 logs an incorrect downstream address because it considers only the directly connected peer, not the information in the proxy protocol header. low complexity envoyproxy | 5.8 |
| 2020-10-01 | CVE-2020-25018 | Unspecified vulnerability in Envoyproxy Envoy 2D69E30 Envoy master between 2d69e30 and 3b5acb2 may fail to parse request URL that requires host canonicalization. | 7.5 |
| 2020-10-01 | CVE-2020-25017 | Unspecified vulnerability in Envoyproxy Envoy Envoy through 1.15.0 only considers the first value when multiple header values are present for some HTTP headers. | 8.3 |
| 2020-07-14 | CVE-2020-15104 | Origin Validation Error vulnerability in Envoyproxy Envoy In Envoy before versions 1.12.6, 1.13.4, 1.14.4, and 1.15.0 when validating TLS certificates, Envoy would incorrectly allow a wildcard DNS Subject Alternative Name apply to multiple subdomains. | 5.5 |
| 2020-07-01 | CVE-2020-8663 | Resource Exhaustion vulnerability in Envoyproxy Envoy Envoy version 1.14.2, 1.13.2, 1.12.4 or earlier may exhaust file descriptors and/or memory when accepting too many connections. | 5.0 |
| 2020-07-01 | CVE-2020-12605 | Resource Exhaustion vulnerability in Envoyproxy Envoy Envoy version 1.14.2, 1.13.2, 1.12.4 or earlier may consume excessive amounts of memory when processing HTTP/1.1 headers with long field names or requests with long URLs. | 5.0 |
| 2020-07-01 | CVE-2020-12604 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Envoyproxy Envoy Envoy version 1.14.2, 1.13.2, 1.12.4 or earlier is susceptible to increased memory usage in the case where an HTTP/2 client requests a large payload but does not send enough window updates to consume the entire stream and does not reset the stream. | 5.0 |
| 2020-07-01 | CVE-2020-12603 | Resource Exhaustion vulnerability in Envoyproxy Envoy Envoy version 1.14.2, 1.13.2, 1.12.4 or earlier may consume excessive amounts of memory when proxying HTTP/2 requests or responses with many small (i.e. | 5.0 |
| 2020-04-15 | CVE-2020-11767 | Information Exposure vulnerability in multiple products Istio through 1.5.1 and Envoy through 1.14.1 have a data-leak issue. | 2.6 |