CVE-2020-35470
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2020-35470
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-35470.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2020-35470
- Aliases
- Published
- 2020-12-15T01:15:13Z
- Modified
- 2025-10-21T05:53:01.421621Z
- Severity
-
- 8.8 (High) CVSS_V3 - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
Envoy before 1.16.1 logs an incorrect downstream address because it considers only the directly connected peer, not the information in the proxy protocol header. This affects situations with tcp-proxy as the network filter (not HTTP filters).
- References
Affected packages
Git / github.com/envoyproxy/envoy
Affected ranges
- Type
- GIT
- Repo
- https://github.com/envoyproxy/envoy
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
v1.*
v1.0.0
v1.1.0
v1.10.0
v1.11.0
v1.12.0
v1.13.0
v1.14.0
v1.15.0
v1.16.0
v1.2.0
v1.3.0
v1.4.0
v1.5.0
v1.6.0
v1.7.0
v1.8.0
v1.9.0
Database specific
vanir_signatures
[
{
"source": "https://github.com/envoyproxy/envoy/commit/0717f49fef0dac3818cd7cdc52bf18e0ae1f7a2c",
"signature_version": "v1",
"deprecated": false,
"id": "CVE-2020-35470-373da623",
"target": {
"file": "source/server/connection_handler_impl.cc"
},
"digest": {
"threshold": 0.9,
"line_hashes": [
"131204029759339862986326872176907194143",
"8315711033336415069387641955587933397",
"180178330427094755049822304876287727863",
"154652574641508373041638957818451707934"
]
},
"signature_type": "Line"
},
{
"source": "https://github.com/envoyproxy/envoy/commit/0717f49fef0dac3818cd7cdc52bf18e0ae1f7a2c",
"signature_version": "v1",
"deprecated": false,
"id": "CVE-2020-35470-4471e0c5",
"target": {
"file": "test/integration/proxy_proto_integration_test.h"
},
"digest": {
"threshold": 0.9,
"line_hashes": [
"304832360493619245575785821857941230522",
"58072314304350740758434783398840774936",
"253066578701505843595586025947161622852",
"143395993664261232895963008373531278921",
"90535865904670140656649989927407341081",
"30695165069688148553736720927527606474",
"273542442853495813808105517980188796478",
"44454462798017145680154333844542751925",
"98738407283226628477786289393006431257",
"112043481163063748425909700695669389018",
"156095165858063837556317049279107360653",
"260460737136737242659349249103925760821",
"324980028845647638019925282319855723158",
"287840385617234031781812252431680592404",
"215831503921888146377477691678125399780"
]
},
"signature_type": "Line"
},
{
"source": "https://github.com/envoyproxy/envoy/commit/0717f49fef0dac3818cd7cdc52bf18e0ae1f7a2c",
"signature_version": "v1",
"deprecated": false,
"id": "CVE-2020-35470-5bd07ec1",
"target": {
"file": "test/integration/proxy_proto_integration_test.cc"
},
"digest": {
"threshold": 0.9,
"line_hashes": [
"317158422460062390569541586553340651141",
"188545860483965097382454808649672515013",
"87136608404409369736246237155290488473",
"29667346942229151296377789069746541136",
"173345536128078706522041138752856204893",
"262294055421710382396638433211288245350",
"317163328929627490087814819905050249142"
]
},
"signature_type": "Line"
},
{
"source": "https://github.com/envoyproxy/envoy/commit/0717f49fef0dac3818cd7cdc52bf18e0ae1f7a2c",
"signature_version": "v1",
"deprecated": false,
"id": "CVE-2020-35470-64c1d30b",
"target": {
"function": "ProxyProtoIntegrationTest",
"file": "test/integration/proxy_proto_integration_test.h"
},
"digest": {
"length": 607.0,
"function_hash": "185610297851602743970956302374790945869"
},
"signature_type": "Function"
}
]