FreeBSD Bugzilla – Attachment 216163 Details for Bug 247735
envoy/istio: Multiple vulnerabilities
[patch] patch for vuxml to inform istio + envoy users
envoy.diff (text/plain), 2.01 KB, created by rob2g2 on 2020-07-03 08:57:06 UTC
>--- vuln2.xml Fri Jul 3 09:57:24 2020 >+++ vuln.xml Fri Jul 3 10:55:22 2020 >@@ -60,0 +61,42 @@ >+ <vuln vid="d95ac560-bd02-11ea-b78f-b42e99a1b9c3"> >+ <topic>envoy -- multiple vulnerabilities</topic> >+ <affects> >+ <package> >+ <name>istio</name> >+ <range><ge>1.5.0</ge><lt>1.5.6</lt></range> >+ </package> >+ <package> >+ <name>envoy</name> >+ <range><lt>1.12.5</lt></range> >+ </package> >+ </affects> >+ <description> >+ <body xmlns="http://www.w3.org/1999/xhtml"> >+ <p>istio developers report:</p> >+ <blockquote cite="https://istio.io/latest/news/security/istio-security-2020-007/"> >+ <p>Envoy, and subsequently Istio, are vulnerable to four newly discovered vulnerabilities</p> >+ <ul> >+ <li>CVE-2020-12603: By sending a specially crafted packet, an attacker could cause Envoy to consume excessive amounts of memory when proxying HTTP/2 requests or responses.</li> >+ <li>CVE-2020-12605: An attacker could cause Envoy to consume excessive amounts of memory when processing specially crafted HTTP/1.1 packets.</li> >+ <li>CVE-2020-8663: An attacker could cause Envoy to exhaust file descriptors when accepting too many connections.</li> >+ <li>CVE-2020-12604: An attacker could cause increased memory usage when processing specially crafted packets.</li> >+ </ul> >+ </blockquote> >+ </body> >+ </description> >+ <references> >+ <url>https://github.com/envoyproxy/envoy/security/advisories/GHSA-pc38-4q6c-85p6</url> >+ <url>https://github.com/envoyproxy/envoy/security/advisories/GHSA-8hf8-8gvw-ggvx</url> >+ <url>https://github.com/envoyproxy/envoy/security/advisories/GHSA-fjxc-jj43-f777</url> >+ <url>https://github.com/envoyproxy/envoy/security/advisories/GHSA-v8q7-fq78-4997</url> >+ <cvename>CVE-2020-8663</cvename> >+ <cvename>CVE-2020-12605</cvename> >+ <cvename>CVE-2020-12604</cvename> >+ <cvename>CVE-2020-12603</cvename> >+ </references> >+ <dates> >+ <discovery>2020-06-30</discovery> >+ <entry>2020-07-03</entry> >+ </dates> >+ </vuln> >+
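Review bot: the `<affects>` block at the top of the new entry needs checking against the four cited advisories before commit. istio is limited to `<range><ge>1.5.0</ge><lt>1.5.6</lt></range>` and envoy to a single `<range><lt>1.12.5</lt></range>`, so every istio version outside 1.5.x and every envoy version at or above 1.12.5, including any newer release branch, will be reported as not vulnerable. If upstream shipped fixes on more than one release line, add one `<range>` per line with its own `<ge>`/`<lt>` pair. Separately, the diff headers name `vuln2.xml` and `vuln.xml` with no directory component, so the patch should be regenerated against the ports tree copy of the file to apply without manual path editing, and the long `<li>` lines would be easier to review if wrapped like the rest of the entry.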