CVE-2019-18838 — NULL Pointer Dereference in Envoy

CWE-476 — NULL Pointer Dereference CWE-358 — Improperly Implemented Security Check for Standard4 documents4 sources

Severity

7.5HIGHNVD

EPSS

0.1%

top 72.52%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Envoyproxy Envoy

Timeline

PublishedDec 13

Latest updateMay 24

Description

An issue was discovered in Envoy 1.12.0. Upon receipt of a malformed HTTP request without a Host header, it sends an internally generated "Invalid request" response. This internally generated response is dispatched through the configured encoder filter chain before being sent to the client. An encoder filter that invokes route manager APIs that access a request's Host header causes a NULL pointer dereference, resulting in abnormal termination of the Envoy process.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages1 packages

▶NVDenvoyproxy/envoy1.12.1

Patches

Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

GHSA-m3j5-qf4q-m73w: An issue was discovered in Envoy 1↗2022-05-24

▶

📋Vendor Advisories

Red Hat

envoy: malformed HTTP request without the Host header may cause abnormal termination of the Envoy process↗2019-12-10

▶

💬Community

Bugzilla

CVE-2019-18838 envoy: malformed HTTP request without the Host header may cause abnormal termination of the Envoy process↗2019-11-18

▶