We found results for “


Good to know:


Date: February 20, 2019

In Envoy v1.9.0 and v1.9.1, it was possible to have two filter chains that didn't have proto equivalent FilterChainMatches, yet had semantically equivalent matchers. E.g. when one filter chain has a not-yet-implemented field. This led to a situation where the first filter chain might register for SDS (and corresponding initialization callbacks), then the second equivalent filter chain would replace it, freeing up the callback target. When SDS initialized, the stale callback would be invoked, resulting in heap-user-after-free.

Language: C++

Severity Score

Severity Score

Weakness Type (CWE)

Heap-based Buffer Overflow


Top Fix


Upgrade Version

Upgrade to version v1.10.0

Learn More

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): NONE
User Interaction (UI): NONE
Confidentiality (C): NONE
Integrity (I): NONE
Availability (A): HIGH

Do you need more information?

Contact Us