CVE-2020-35471NULL Pointer Dereference in Envoy

CWE-476NULL Pointer Dereference3 documents3 sources
Severity
7.5HIGHNVD
EPSS
0.1%
top 78.86%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Envoyproxy Envoy
Timeline
PublishedDec 15
Latest updateMay 24

Description

Envoy before 1.16.1 mishandles dropped and truncated datagrams, as demonstrated by a segmentation fault for a UDP packet size larger than 1500.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages1 packages

NVDenvoyproxy/envoy< 1.16.1

Patches

Patch: github.comPatch: github.comPatch: github.com

🔴Vulnerability Details

1
GHSA
GHSA-vc66-g998-2h5p: Envoy before 12022-05-24

📋Vendor Advisories

1
Red Hat
envoy: mishandling dropped and truncated datagrams leads to segfault and DoS2020-11-20
CVE-2020-35471 — NULL Pointer Dereference in Envoy | cvebase