OSV-2018-95

See a problem?

Import Source

https://github.com/google/oss-fuzz-vulns/blob/main/vulns/envoy/OSV-2018-95.yaml

JSON Data

https://api.osv.dev/v1/vulns/OSV-2018-95

Published

2021-01-13T00:00:42.203275Z

Modified

2022-04-13T03:04:31.605627Z

Summary

Heap-use-after-free in Envoy::FakeConnectionBase::close

Details

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=8783

Crash type: Heap-use-after-free READ 1
Crash state:
Envoy::FakeConnectionBase::close
Envoy::Event::DispatcherImpl::runPostCallbacks
event_process_active_single_queue

References

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=8783

Affected packages

OSS-Fuzz / envoy

Package

Name: envoy
Purl: pkg:generic/envoy

Affected ranges

Type: GIT
Repo: https://github.com/envoyproxy/envoy.git
Events: Introduced

f9b2041af0ca5dda5daed5ef80816e907fb0c6fd

Fixed

a89eb3c59204caa3e0cd1bcd845bcb1a0be95267

Ecosystem specific

{
    "severity": "HIGH",
    "fixed_range": "09c5d356684194f8b06df1a6b62f27a1a9cb1d69:a89eb3c59204caa3e0cd1bcd845bcb1a0be95267"
}