Description

In Envoy through 1.11.1, users may configure a route to match incoming path headers via the libstdc++ regular expression implementation. A remote attacker may send a request with a very long URI to result in a denial of service (memory consumption). This is a related issue to CVE-2019-14993.

Remediation

References

CVE-2019-15225

Related Vulnerabilities

WebLogic Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') Vulnerability (CVE-2018-1000613)

Atlassian Confluence Incorrect Behavior Order: Validate Before Canonicalize Vulnerability (CVE-2022-26136)

Moodle Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2012-0796)

Joomla Configuration Vulnerability (CVE-2008-3228)

WordPress Plugin EWWW Image Optimizer Cross-Site Request Forgery (5.8.1)

Severity

High

Classification

CVE-2019-15225 CWE-770 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Tags

Missing Update Known Vulnerabilities