6.5
CVE-2026-47207
- EPSS 0.44%
- Veröffentlicht 26.06.2026 17:52:27
- Zuletzt bearbeitet 27.06.2026 20:20:41
- Quelle security-advisories@github.com
- CVE-Watchlists
- Unerledigt
Envoy crashes if multiple unexpected ext_proc responses are packed into one gRPC message
Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.34.0 until 1.35.13, 1.36.9, 1.37.5, and 1.38.3, Envoy crashes if an ext_proc server sends a single gRPC message containing multiple, specially crafted ProcessingResponse messages. This can occur when the first response in the batch causes the gRPC stream object to be destroyed, leading to a use-after-free error when Envoy attempts to process subsequent responses in the same gRPC message. This vulnerability is fixed in 1.35.13, 1.36.9, 1.37.5, and 1.38.3.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Envoyproxy ≫ Envoy Version >= 1.34.0 < 1.35.13
Envoyproxy ≫ Envoy Version >= 1.36.0 < 1.36.9
Envoyproxy ≫ Envoy Version >= 1.37.0 < 1.37.5
Envoyproxy ≫ Envoy Version >= 1.38.0 < 1.38.3
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.44% | 0.355 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| security-advisories@github.com | 6.5 | 2.8 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
|
CWE-416 Use After Free
The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.
https://github.com/envoyproxy/envoy/security/advisories/GHSA-68cv-hq5f-g6xv