WS-2019-0519
Good to know:
Date: February 20, 2019
In Envoy v1.9.0 and v1.9.1, it was possible to have two filter chains whose FilterChainMatches were not proto-equivalent yet had semantically equivalent matchers, e.g. when one filter chain has a not-yet-implemented field. This led to a situation where the first filter chain might register for SDS (and the corresponding initialization callbacks), then the second, equivalent filter chain would replace it, freeing the callback target. When SDS initialized, the stale callback would be invoked, resulting in a heap use-after-free.
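The lifetime rule behind this bug, as an added illustration that is not Envoy's code or its actual fix: duplicates are detected on the semantic match key and rejected rather than replaced, and each init callback holds a `weak_ptr` so a freed chain turns it into a no-op. All class names, the string keys and the scenario in `main` are hypothetical and constructed for this example.

```cpp
#include <functional>
#include <map>
#include <memory>
#include <string>
#include <utility>
#include <vector>
struct FilterChain { bool secrets_ready = false; };  // hypothetical stand-in, not Envoy's type
class SecretInit {  // models the init step: callbacks run once secrets arrive
  std::vector<std::function<bool()>> pending_;
 public:
  void registerTarget(std::function<bool()> cb) { pending_.push_back(std::move(cb)); }
  int initialize() {  // returns how many callbacks still had a live target
    int live = 0;
    for (auto& cb : pending_) if (cb()) ++live;
    pending_.clear();
    return live;
  }
};
class Listener {
  SecretInit& init_;
  std::map<std::string, std::shared_ptr<FilterChain>> chains_;
 public:
  explicit Listener(SecretInit& init) : init_(init) {}
  // semantic_key is the match as actually evaluated, so two configs that
  // differ only in a not-yet-implemented field map to the same key.
  bool addFilterChain(const std::string& semantic_key) {
    if (chains_.count(semantic_key)) return false;  // reject, never replace
    auto chain = std::make_shared<FilterChain>();
    std::weak_ptr<FilterChain> weak = chain;  // callback neither owns nor dangles
    init_.registerTarget([weak] {
      auto target = weak.lock();
      if (!target) return false;  // chain already freed: callback is a no-op
      target->secrets_ready = true;
      return true;
    });
    chains_.emplace(semantic_key, std::move(chain));
    return true;
  }
  void removeFilterChain(const std::string& key) { chains_.erase(key); }
  bool ready(const std::string& k) const { return chains_.count(k) && chains_.at(k)->secrets_ready; }
};

int main() {  // constructed scenario
  SecretInit init;
  Listener listener(init);
  listener.addFilterChain("port=443");
  listener.addFilterChain("port=8443");
  listener.removeFilterChain("port=8443");  // freed before secrets arrive
  return init.initialize() == 1 ? 0 : 1;    // only the live chain is notified
}
```

Building a reproduction of the original pattern with AddressSanitizer (`-fsanitize=address`) is the usual way to surface this class of bug, which it reports as heap-use-after-free.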
Language: C++
Severity Score
Weakness Type (CWE)
Heap-based Buffer Overflow
CWE-122
CVSS v3.1
Base Score: | |
---|---|
Attack Vector (AV): | NETWORK |
Attack Complexity (AC): | LOW |
Privileges Required (PR): | NONE |
User Interaction (UI): | NONE |
Scope (S): | UNCHANGED |
Confidentiality (C): | NONE |
Integrity (I): | NONE |
Availability (A): | HIGH |