CVE-2019-18838

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2019-18838

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-18838.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2019-18838

Related

GHSA-f2rv-4w6x-rwhc

Published

2019-12-13T13:15:11Z

Modified

2025-02-19T02:49:07.034895Z

Downstream

RHSA-2019:4222

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

An issue was discovered in Envoy 1.12.0. Upon receipt of a malformed HTTP request without a Host header, it sends an internally generated "Invalid request" response. This internally generated response is dispatched through the configured encoder filter chain before being sent to the client. An encoder filter that invokes route manager APIs that access a request's Host header causes a NULL pointer dereference, resulting in abnormal termination of the Envoy process.

References

Affected packages

Git / github.com/envoyproxy/envoy

Affected ranges

Type: GIT
Repo: https://github.com/envoyproxy/envoy
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

44f8c365a1f1798f0af776f6aa64279dc68f5666

Affected versions

v1.*

v1.0.0

v1.1.0

v1.10.0

v1.11.0

v1.12.0

v1.12.1

v1.2.0

v1.3.0

v1.4.0

v1.5.0

v1.6.0

v1.7.0

v1.8.0

v1.9.0