CVE-2019-15225
First published: Mon Aug 19 2019(Updated: )
In Envoy through 1.11.1, users may configure a route to match incoming path headers via the libstdc++ regular expression implementation. A remote attacker may send a request with a very long URI to result in a denial of service (memory consumption). This is a related issue to CVE-2019-14993.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Envoy Proxy | <=1.11.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2019-15225?
CVE-2019-15225 is a vulnerability in Envoy through 1.11.1 that allows a remote attacker to cause a denial of service attack by sending a request with a very long URI, resulting in excessive memory consumption.
How does CVE-2019-15225 affect users?
CVE-2019-15225 affects users of Envoy through version 1.11.1.
What is the severity of CVE-2019-15225?
CVE-2019-15225 has a severity rating of 7.5 (high).
How can the CVE-2019-15225 vulnerability be exploited?
An attacker can exploit CVE-2019-15225 by sending a request with a long URI, causing excessive memory consumption and resulting in a denial of service attack.
Is there a fix available for CVE-2019-15225?
Yes, users should upgrade to a version of Envoy later than 1.11.1 to mitigate the CVE-2019-15225 vulnerability.
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/references
- agent/severity
- agent/last-modified-date
- agent/weakness
- agent/description
- agent/event
- agent/first-publish-date
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/envoyproxy
- canonical/envoy proxy
- version/envoy proxy/1.11.1