CVE-2019-15225
In Envoy through 1.11.1, users may configure a route to match incoming path headers via the libstdc++ regular expression
In Envoy through 1.11.1, users may configure a route to match incoming path headers via the libstdc++ regular expression implementation. A remote attacker may send a request with a very long URI to result in a denial of service (memory consumption). This is a related issue to CVE-2019-14993.
HIGH · CVSS 7.5
EPSS 0.00145
Act now
- Public exploit or PoC is available
- CVSS base score ≥ 7.0
Sigma rules0
YARA rules0