CVE-2020-12603
First published: Wed Jul 01 2020(Updated: )
Envoy version 1.14.2, 1.13.2, 1.12.4 or earlier may consume excessive amounts of memory when proxying HTTP/2 requests or responses with many small (i.e. 1 byte) data frames.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Envoyproxy Envoy | <=1.12.4 | |
| Envoyproxy Envoy | =1.13.2 | |
| Envoyproxy Envoy | =1.14.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2020-12603?
CVE-2020-12603 is a vulnerability in Envoy versions 1.14.2, 1.13.2, 1.12.4, and earlier that can result in excessive memory consumption when proxying HTTP/2 requests or responses with many small data frames.
How does CVE-2020-12603 affect Envoy?
CVE-2020-12603 affects Envoy versions 1.14.2, 1.13.2, 1.12.4, and earlier by causing excessive memory usage when handling HTTP/2 traffic with numerous small data frames.
What is the severity of CVE-2020-12603?
The severity of CVE-2020-12603 is rated as high with a CVSS score of 7.5.
How can I fix CVE-2020-12603?
To fix CVE-2020-12603, upgrade to a version of Envoy that is not affected, such as 1.14.3, 1.13.3, or 1.12.5, or any later version.
Where can I find more information about CVE-2020-12603?
Additional information on CVE-2020-12603 can be found in the vulnerability advisory on the Envoy GitHub page: [link].
- collector/nvd-index
- agent/weakness
- agent/type
- vendor/envoyproxy
- canonical/envoyproxy envoy
- version/envoyproxy envoy/1.12.4
- version/envoyproxy envoy/1.13.2
- version/envoyproxy envoy/1.14.2