x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2019-18836

CVE-2019-18836 references [github.com/envoyproxy/envoy](https://github.com/envoyproxy/envoy), which may be a Go module.

Description:
Envoy 1.12.0 allows a remote denial of service because of resource loops, as demonstrated by a single idle TCP connection being able to keep a worker thread in an infinite busy loop when continue_on_listener_filters_timeout is used."

References:
- NIST: https://nvd.nist.gov/vuln/detail/CVE-2019-18836
- web: https://groups.google.com/forum/#!forum/envoy-users
- web: https://blog.envoyproxy.io
- advisory: https://github.com/envoyproxy/envoy/security/advisories/GHSA-3xvf-4396-cj46
- report: https://github.com/istio/istio/issues/18229
- Imported by: https://pkg.go.dev/github.com/envoyproxy/envoy?tab=importedby

Cross references:
- Module github.com/envoyproxy/envoy appears in issue #330  NOT_GO_CODE
- Module github.com/envoyproxy/envoy appears in issue #331  NOT_GO_CODE
- Module github.com/envoyproxy/envoy appears in issue #332  NOT_GO_CODE
- Module github.com/envoyproxy/envoy appears in issue #333  NOT_GO_CODE
- Module github.com/envoyproxy/envoy appears in issue #334  NOT_GO_CODE
- Module github.com/envoyproxy/envoy appears in issue #335  NOT_GO_CODE
- Module github.com/envoyproxy/envoy appears in issue #336  NOT_GO_CODE
- Module github.com/envoyproxy/envoy appears in issue #337  NOT_GO_CODE
- Module github.com/envoyproxy/envoy appears in issue #484  NOT_GO_CODE
- Module github.com/envoyproxy/envoy appears in issue #485  NOT_GO_CODE
- Module github.com/envoyproxy/envoy appears in issue #486  NOT_GO_CODE
- Module github.com/envoyproxy/envoy appears in issue #487  NOT_GO_CODE
- Module github.com/envoyproxy/envoy appears in issue #488  NOT_GO_CODE
- Module github.com/envoyproxy/envoy appears in issue #1690  NOT_GO_CODE
- Module github.com/envoyproxy/envoy appears in issue #1691  NOT_GO_CODE
- Module github.com/envoyproxy/envoy appears in issue #1692  NOT_GO_CODE
- Module github.com/envoyproxy/envoy appears in issue #1693  NOT_GO_CODE
- Module github.com/envoyproxy/envoy appears in issue #1694  NOT_GO_CODE
- Module github.com/envoyproxy/envoy appears in issue #1695  NOT_GO_CODE
- Module github.com/envoyproxy/envoy appears in issue #1917  NOT_GO_CODE
- Module github.com/envoyproxy/envoy appears in issue #1921  NOT_GO_CODE
- Module github.com/envoyproxy/envoy appears in issue #1966  NOT_GO_CODE
- Module github.com/envoyproxy/envoy appears in issue #1968  NOT_GO_CODE
- Module github.com/envoyproxy/envoy appears in issue #1969  NOT_GO_CODE
- Module github.com/envoyproxy/envoy appears in issue #1970  NOT_GO_CODE
- Module github.com/envoyproxy/envoy appears in issue #2106  NOT_GO_CODE


See [doc/triage.md](https://github.com/golang/vulndb/blob/master/doc/triage.md) for instructions on how to triage this report.

```
modules:
    - module: github.com/envoyproxy/envoy
      vulnerable_at: 1.28.0
      packages:
        - package: n/a
cves:
    - CVE-2019-18836
references:
    - web: https://groups.google.com/forum/#!forum/envoy-users
    - web: https://blog.envoyproxy.io
    - advisory: https://github.com/envoyproxy/envoy/security/advisories/GHSA-3xvf-4396-cj46
    - report: https://github.com/istio/istio/issues/18229

```

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2019-18836 #2249

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2019-18836 #2249

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions