CVE-2020-35471
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2020-35471
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-35471.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2020-35471
- Aliases
- Downstream
- Related
- Published
- 2020-12-15T01:15:13.870Z
- Modified
- 2025-11-20T11:26:26.992942Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- [none]
- Details
-
Envoy before 1.16.1 mishandles dropped and truncated datagrams, as demonstrated by a segmentation fault for a UDP packet size larger than 1500.
- References
Affected packages
Git / github.com/envoyproxy/envoy
Affected ranges
- Type
- GIT
- Repo
- https://github.com/envoyproxy/envoy
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
v1.*
v1.0.0
v1.1.0
v1.10.0
v1.11.0
v1.12.0
v1.13.0
v1.14.0
v1.15.0
v1.16.0
v1.2.0
v1.3.0
v1.4.0
v1.5.0
v1.6.0
v1.7.0
v1.8.0
v1.9.0
Database specific
vanir_signatures
[
{
"digest": {
"line_hashes": [
"131204029759339862986326872176907194143",
"8315711033336415069387641955587933397",
"180178330427094755049822304876287727863",
"154652574641508373041638957818451707934"
],
"threshold": 0.9
},
"signature_type": "Line",
"deprecated": false,
"signature_version": "v1",
"id": "CVE-2020-35471-373da623",
"target": {
"file": "source/server/connection_handler_impl.cc"
},
"source": "https://github.com/envoyproxy/envoy/commit/0717f49fef0dac3818cd7cdc52bf18e0ae1f7a2c"
},
{
"digest": {
"line_hashes": [
"304832360493619245575785821857941230522",
"58072314304350740758434783398840774936",
"253066578701505843595586025947161622852",
"143395993664261232895963008373531278921",
"90535865904670140656649989927407341081",
"30695165069688148553736720927527606474",
"273542442853495813808105517980188796478",
"44454462798017145680154333844542751925",
"98738407283226628477786289393006431257",
"112043481163063748425909700695669389018",
"156095165858063837556317049279107360653",
"260460737136737242659349249103925760821",
"324980028845647638019925282319855723158",
"287840385617234031781812252431680592404",
"215831503921888146377477691678125399780"
],
"threshold": 0.9
},
"signature_type": "Line",
"deprecated": false,
"signature_version": "v1",
"id": "CVE-2020-35471-4471e0c5",
"target": {
"file": "test/integration/proxy_proto_integration_test.h"
},
"source": "https://github.com/envoyproxy/envoy/commit/0717f49fef0dac3818cd7cdc52bf18e0ae1f7a2c"
},
{
"digest": {
"line_hashes": [
"317158422460062390569541586553340651141",
"188545860483965097382454808649672515013",
"87136608404409369736246237155290488473",
"29667346942229151296377789069746541136",
"173345536128078706522041138752856204893",
"262294055421710382396638433211288245350",
"317163328929627490087814819905050249142"
],
"threshold": 0.9
},
"signature_type": "Line",
"deprecated": false,
"signature_version": "v1",
"id": "CVE-2020-35471-5bd07ec1",
"target": {
"file": "test/integration/proxy_proto_integration_test.cc"
},
"source": "https://github.com/envoyproxy/envoy/commit/0717f49fef0dac3818cd7cdc52bf18e0ae1f7a2c"
},
{
"digest": {
"length": 607.0,
"function_hash": "185610297851602743970956302374790945869"
},
"signature_type": "Function",
"deprecated": false,
"signature_version": "v1",
"id": "CVE-2020-35471-64c1d30b",
"target": {
"file": "test/integration/proxy_proto_integration_test.h",
"function": "ProxyProtoIntegrationTest"
},
"source": "https://github.com/envoyproxy/envoy/commit/0717f49fef0dac3818cd7cdc52bf18e0ae1f7a2c"
}
]