CVE-2020-8659

Severity

7.5HIGH

EPSS

1.0%

top 22.78%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Timeline

PublishedMar 4

Description

CNCF Envoy through 1.13.0 may consume excessive amounts of memory when proxying HTTP/1.1 requests or responses with many small (i.e. 1 byte) chunks.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

▶NVDcncf/envoy1.13.0

Also affects: Debian Linux 9.0

CVEList

CVE-2020-8659: CNCF Envoy through 1↗2020-03-04

▶

Red Hat

envoy: Excessive CPU and/or memory usage when proxying HTTP/1.1↗2020-03-03

▶

Bugzilla

CVE-2020-8659 envoy: Excessive CPU and/or memory usage when proxying HTTP/1.1↗2020-02-13

▶