Envoy version 1.14.2, 1.13.2, 1.12.4 or earlier may consume excessive amounts of memory when proxying HTTP/2 requests or responses with many small (i.e. 1 byte) data frames.
2020-07-01T14:15:14.340
2024-11-21T04:59:54.160
Modified
CVSSv3.1: 7.5 (HIGH)
AV:N/AC:L/Au:N/C:N/I:N/A:P
10.0
2.9
Type | Vendor | Product | Version/Range | Vulnerable? |
---|---|---|---|---|
Application | envoyproxy | envoy | ≤ 1.12.4 | Yes |
Application | envoyproxy | envoy | 1.13.2 | Yes |
Application | envoyproxy | envoy | 1.14.2 | Yes |