漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Envoy: Segmentation fault when using %REQUESTED_SERVER_NAME% in log format
Vulnerability Description
Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.37.0 until 1.37.5 and 1.38.3, when the %REQUESTED_SERVER_NAME(X:Y)% is used in log format and host related options is specified, like HOST_FIRST, SNI_FIRST, it's possible to crash Envoy when the specified host header is missing in the request headers. This vulnerability is fixed in 1.37.5 and 1.38.3.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Vulnerability Type
空指针解引用
Vulnerability Title
Envoy Proxy Envoy 异常处理不当漏洞
Vulnerability Description
Envoy Proxy Envoy是Envoy Proxy团队的应用网关。 Envoy Proxy Envoy 1.38.0至1.38.3之前版本和1.37.0至1.37.5之前版本存在异常处理不当漏洞,该漏洞源于当在日志格式中使用%REQUESTED_SERVER_NAME(X:Y)%并指定主机相关选项(如HOST_FIRST、SNI_FIRST)时,若请求标头中缺少指定主机标头,可能导致Envoy崩溃。
CVSS Information
N/A
Vulnerability Type
N/A