Denial of Service Vulnerability in Envoy (CVE-2019-14993)

Denial of Service Vulnerability in Envoy (CVE-2019-14993)

CVE-2019-15225 · MEDIUM Severity

AV:N/AC:L/AU:N/C:N/I:N/A:P

In Envoy through 1.11.1, users may configure a route to match incoming path headers via the libstdc++ regular expression implementation. A remote attacker may send a request with a very long URI to result in a denial of service (memory consumption). This is a related issue to CVE-2019-14993.

Learn more about our User Device Pen Test.