CVE-2020-35471
Published 2020-12-15
CVE-2020-35471: Envoy before 1.16.1 mishandles dropped and truncated datagrams, as demonstrated by a segmentation fault for a UDP packet size larger than 1500.
Priority: P3 | 38 | high | 7.5 (CVSS 3.1)
AV:N / AC:L / PR:N / UI:N / S:U / C:N / I:N / A:H
EPSS: 2.36% (81.7th percentile)
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| envoyproxy | envoy | < 1.16.1 | 1.16.1 |
CVSS provenance
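| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P |
| vendor_redhat | | 7.5 | HIGH | |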
Red Hat
envoy: mishandling dropped and truncated datagrams leads to segfault and DoS
vendor_redhat·2020-11-20·CVSS 7.5
CVE-2020-35471 [HIGH] CWE-476 envoy: mishandling dropped and truncated datagrams leads to segfault and DoS
A NULL pointer dereference vulnerability was found in Envoy. During the handling of truncated or dropped UDP datagrams, this flaw allows an attacker to specify the length of the packet to be larger than 1500 bytes and cause the envoy proxy process to segfault, resulting in a denial of service. The highest threat from this vulnerability is to system availability.
Statement: While OpenShift ServiceMesh (OSSM) does package a vulnerable version of Envoy, it does not implement the UDP proxy in Envoy. Therefore, it has been assessed with a Low impact, Wontfix, and may be addr
GHSA
GHSA-vc66-g998-2h5p: Envoy before 1
ghsa_unreviewed·2022-05-24
CVE-2020-35471 [HIGH] GHSA-vc66-g998-2h5p: Envoy before 1
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://github.com/envoyproxy/envoy/compare/v1.16.0...v1.16.1
https://github.com/envoyproxy/envoy/issues/14113
https://github.com/envoyproxy/envoy/pull/14122
Published: 2020-12-15