Description
In Envoy through 1.11.1, users may configure a route to match incoming path headers via the libstdc++ regular expression implementation. A remote attacker may send a request with a very long URI to result in a denial of service (memory consumption). This is a related issue to CVE-2019-14993.
Remediation
References
Related Vulnerabilities
WordPress Plugin WP Maintenance Mode Cross-Site Scripting (2.2.3)
GlassFish Improper Input Validation Vulnerability (CVE-2011-5035)
MySQL CVE-2018-3062 Vulnerability (CVE-2018-3062)
TYPO3 Cleartext Transmission of Sensitive Information Vulnerability (CVE-2017-6370)
Oracle Database Server CVE-2014-4297 Vulnerability (CVE-2014-4297)