WS-2019-0519
Date: February 20, 2019
In Envoy v1.9.0 and v1.9.1, it was possible to have two filter chains whose FilterChainMatches were not proto-equivalent yet had semantically equivalent matchers, for example when one filter chain has a not-yet-implemented field. In that situation the first filter chain might register for SDS (and the corresponding initialization callbacks), and then the second, equivalent filter chain would replace it, freeing the callback target. When SDS initialized, the stale callback would be invoked, resulting in a heap use-after-free.
Language: C++
Severity Score
Weakness Type (CWE)
Heap-based Buffer Overflow
CWE-122
CVSS v3.1
| Base Score: | |
|---|---|
| Attack Vector (AV): | LOCAL |
| Attack Complexity (AC): | LOW |
| Privileges Required (PR): | NONE |
| User Interaction (UI): | NONE |
| Scope (S): | UNCHANGED |
| Confidentiality (C): | LOW |
| Integrity (I): | NONE |
| Availability (A): | HIGH |


