{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "Envoy before 1.16.1 mishandles dropped and truncated datagrams, as demonstrated by a segmentation fault for a UDP packet size larger than 1500."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-12-15T00:48:24", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://github.com/envoyproxy/envoy/compare/v1.16.0...v1.16.1"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/envoyproxy/envoy/issues/14113"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/envoyproxy/envoy/pull/14122"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-35471", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Envoy before 1.16.1 mishandles dropped and truncated datagrams, as demonstrated by a segmentation fault for a UDP packet size larger than 1500."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://github.com/envoyproxy/envoy/compare/v1.16.0...v1.16.1", "refsource": "MISC", "url": "https://github.com/envoyproxy/envoy/compare/v1.16.0...v1.16.1"}, {"name": "https://github.com/envoyproxy/envoy/issues/14113", "refsource": "MISC", "url": "https://github.com/envoyproxy/envoy/issues/14113"}, {"name": "https://github.com/envoyproxy/envoy/pull/14122", "refsource": "MISC", "url": "https://github.com/envoyproxy/envoy/pull/14122"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T17:02:07.948Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/envoyproxy/envoy/compare/v1.16.0...v1.16.1"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/envoyproxy/envoy/issues/14113"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/envoyproxy/envoy/pull/14122"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-35471", "datePublished": "2020-12-15T00:48:24", "dateReserved": "2020-12-15T00:00:00", "dateUpdated": "2024-08-04T17:02:07.948Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*", "matchCriteriaId": "49543588-1B38-4406-AE61-5414E7CD6B4B", "versionEndExcluding": "1.16.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Envoy before 1.16.1 mishandles dropped and truncated datagrams, as demonstrated by a segmentation fault for a UDP packet size larger than 1500."}, {"lang": "es", "value": "Envoy versiones anteriores a 1.16.1, maneja inapropiadamente datagramas perdidos y truncados, como es demostrado por un fallo de segmentaci\u00f3n para un tama\u00f1o de paquete UDP m\u00e1s largo que 1500"}], "id": "CVE-2020-35471", "lastModified": "2020-12-16T16:54:59.190", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-12-15T01:15:13.870", "references": [{"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/envoyproxy/envoy/compare/v1.16.0...v1.16.1"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/envoyproxy/envoy/issues/14113"}, {"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/envoyproxy/envoy/pull/14122"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "envoy: mishandling dropped and truncated datagrams leads to segfault and DoS", "id": "1907804", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1907804"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.5", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-476", "details": ["Envoy before 1.16.1 mishandles dropped and truncated datagrams, as demonstrated by a segmentation fault for a UDP packet size larger than 1500.", "A NULL pointer dereference vulnerability was found in Envoy. During the handling of truncated or dropped UDP datagrams, this flaw allows an attacker to specify the length of the packet to be larger than 1500 bytes and cause the envoy proxy process to segfault, resulting in a denial of service. The highest threat from this vulnerability is to system availability."], "name": "CVE-2020-35471", "package_state": [{"cpe": "cpe:/a:redhat:service_mesh:1", "fix_state": "Will not fix", "impact": "low", "package_name": "servicemesh-proxy", "product_name": "OpenShift Service Mesh 1"}, {"cpe": "cpe:/a:redhat:service_mesh:2.0", "fix_state": "Will not fix", "package_name": "servicemesh-proxy", "product_name": "OpenShift Service Mesh 2.0"}], "public_date": "2020-11-20T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2020-35471\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-35471"], "statement": "While OpenShift ServiceMesh (OSSM) does package a vulnerable version of Envoy, it does not implement the UDP proxy in Envoy. Therefore, it has been assessed with a Low impact, Wontfix, and may be addressed in a future release.", "threat_severity": "Important", "upstream_fix": "envoy 1.16.1"}