First published: Thu Feb 13 2020
CNCF Envoy through 1.13.0 may consume excessive amounts of memory when responding internally to pipelined requests.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/envoy | <1.13.1 | 1.13.1 |
CNCF Envoy | <=1.13.0 | |
Red Hat OpenShift Service Mesh | =1.0.9 | |
CVE-2020-8661 refers to a vulnerability in CNCF Envoy through 1.13.0 that may consume excessive amounts of memory when responding internally to pipelined requests.
CVE-2020-8661 has a severity score of 7.5, which is considered high.
Affected software: CNCF Envoy versions up to and including 1.13.0, and Red Hat OpenShift Service Mesh version 1.0.9.
To fix CVE-2020-8661, upgrade to CNCF Envoy version 1.13.1 or higher.
You can find more information about CVE-2020-8661 at the following references: [Red Hat advisory](https://access.redhat.com/errata/RHSA-2020:0734), [Envoy security advisory](https://github.com/envoyproxy/envoy/security/advisories/GHSA-36cq-ww7h-p4j7), [Envoy version history](https://www.envoyproxy.io/docs/envoy/v1.13.1/intro/version_history).