4.8
CVE-2026-47692
- EPSS 0.22%
- Veröffentlicht 26.06.2026 17:59:38
- Zuletzt bearbeitet 27.06.2026 20:09:48
- Quelle security-advisories@github.com
- CVE-Watchlists
- Unerledigt
Envoy: PROXY Protocol v2 header generator emits "skipped" TLVs, causing 65 KB attacker-controlled spillover into the upstream application stream
Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.34.0 until 1.35.13, 1.36.9, 1.37.5, and 1.38.3, PROXY Protocol v2 header generator emits TLVs beyond the maximum length of 65535 bytes, causing a mismatch between bytes written and the length field in the header. This can result in smuggled bytes on the upstream request. This vulnerability is fixed in 1.35.13, 1.36.9, 1.37.5, and 1.38.3.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Envoyproxy ≫ Envoy Version >= 1.34.0 < 1.35.13
Envoyproxy ≫ Envoy Version >= 1.36.0 < 1.36.9
Envoyproxy ≫ Envoy Version >= 1.37.0 < 1.37.5
Envoyproxy ≫ Envoy Version >= 1.38.0 < 1.38.3
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.22% | 0.122 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.3 | 2.8 | 1.4 |
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
|
| security-advisories@github.com | 4.8 | 1.7 | 2.7 |
CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:L
|
CWE-130 Improper Handling of Length Parameter Inconsistency
The product parses a formatted message or structure, but it does not handle or incorrectly handles a length field that is inconsistent with the actual length of the associated data.
https://github.com/envoyproxy/envoy/security/advisories/GHSA-wh36-hm39-mm3r