CVE-2020-8659 – envoy: Excessive CPU and/or memory usage when proxying HTTP/1.1
https://notcve.org/view.php?id=CVE-2020-8659
CNCF Envoy through 1.13.0 may consume excessive amounts of memory when proxying HTTP/1.1 requests or responses with many small (i.e. 1 byte) chunks. CNCF Envoy versiones hasta 1.13.0, puede consumir cantidades excesivas de memoria cuando se hace proxy a peticiones o respuestas HTTP/1.1 con muchos fragmentos pequeños (es decir, 1 byte). A resource consumption vulnerability was found in the servicemesh-proxy in Envoy. An attacker could send specially crafted small HTTP/1.1 packets that, when processed, could cause excessive amounts of memory to be used, possibly degrading or crashing the application. • https://access.redhat.com/errata/RHSA-2020:0734 https://github.com/envoyproxy/envoy/security/advisories/GHSA-jwcm-4pwp-c2qv https://lists.debian.org/debian-lts-announce/2022/05/msg00025.html https://www.envoyproxy.io/docs/envoy/v1.13.1/intro/version_history https://access.redhat.com/security/cve/CVE-2020-8659 https://bugzilla.redhat.com/show_bug.cgi?id=1802539 • CWE-400: Uncontrolled Resource Consumption CWE-770: Allocation of Resources Without Limits or Throttling •
CVE-2020-1704 – openshift-service-mesh/kiali-rhel7-operator: /etc/passwd is given incorrect privileges
https://notcve.org/view.php?id=CVE-2020-1704
An insecure modification vulnerability in the /etc/passwd file was found in all versions of OpenShift ServiceMesh (maistra) before 1.0.8 in the openshift/istio-kialia-rhel7-operator-container. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges. Se encontró una vulnerabilidad de modificación no segura en el archivo /etc/passwd en OpenShift ServiceMesh (maistra) todas las versiones anteriores a 1.0.8 en el openshift/istio-kialia-rhel7-operator-container. Un atacante con acceso al contenedor podría utilizar este fallo para modificar el archivo /etc/passwd y escalar sus privilegios. An insecure modification vulnerability in the /etc/passwd file was found in the openshift-service-mesh/kiali-rhel7-operator. • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1704 https://access.redhat.com/security/cve/CVE-2020-1704 https://bugzilla.redhat.com/show_bug.cgi?id=1793305 https://access.redhat.com/articles/4859371 • CWE-266: Incorrect Privilege Assignment CWE-732: Incorrect Permission Assignment for Critical Resource •
CVE-2020-8595 – istio: unauthorised access to JWT protected HTTP path
https://notcve.org/view.php?id=CVE-2020-8595
Istio versions 1.2.10 (End of Life) and prior, 1.3 through 1.3.7, and 1.4 through 1.4.3 allows authentication bypass. The Authentication Policy exact-path matching logic can allow unauthorized access to HTTP paths even if they are configured to be only accessed after presenting a valid JWT token. For example, an attacker can add a ? or # character to a URI that would otherwise satisfy an exact-path match. Las versiones Istio 1.2.10 (End of Life) y anteriores, 1.3 a 1.3.7, y 1.4 a 1.4.3 permiten la omisión de autenticación. • https://access.redhat.com/errata/RHSA-2020:0477 https://access.redhat.com/security/cve/cve-2020-8595 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-8595 https://github.com/istio/istio/commits/master https://istio.io/news/security https://istio.io/news/security/istio-security-2020-001 https://access.redhat.com/security/cve/CVE-2020-8595 https://bugzilla.redhat.com/show_bug.cgi?id=1798247 • CWE-285: Improper Authorization CWE-287: Improper Authentication •
CVE-2019-9518 – Some HTTP/2 implementations are vulnerable to a flood of empty frames, potentially leading to a denial of service
https://notcve.org/view.php?id=CVE-2019-9518
Some HTTP/2 implementations are vulnerable to a flood of empty frames, potentially leading to a denial of service. The attacker sends a stream of frames with an empty payload and without the end-of-stream flag. These frames can be DATA, HEADERS, CONTINUATION and/or PUSH_PROMISE. The peer spends time processing each frame disproportionate to attack bandwidth. This can consume excess CPU. • http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00031.html http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00032.html http://seclists.org/fulldisclosure/2019/Aug/16 https://access.redhat.com/errata/RHSA-2019:2925 https://access.redhat.com/errata/RHSA-2019:2939 https://access.redhat.com/errata/RHSA-2019:2955 https://access.redhat.com/errata/RHSA-2019:3892 https://access.redhat.com/errata/RHSA-2019:4352 https://access.redhat.com/errata/RHSA-2020:0727 • CWE-400: Uncontrolled Resource Consumption CWE-770: Allocation of Resources Without Limits or Throttling •
CVE-2019-9516 – Some HTTP/2 implementations are vulnerable to a header leak, potentially leading to a denial of service
https://notcve.org/view.php?id=CVE-2019-9516
Some HTTP/2 implementations are vulnerable to a header leak, potentially leading to a denial of service. The attacker sends a stream of headers with a 0-length header name and 0-length header value, optionally Huffman encoded into 1-byte or greater headers. Some implementations allocate memory for these headers and keep the allocation alive until the session dies. This can consume excess memory. Algunas implementaciones de HTTP / 2 son vulnerables a una fuga de encabezado, lo que puede conducir a una denegación de servicio. • http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00031.html http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00032.html http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00035.html http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00014.html http://seclists.org/fulldisclosure/2019/Aug/16 https://access.redhat.com/errata/RHSA-2019:2745 https://access.redhat.com/errata/RHSA-2019:2746 https://access.redhat.com/errata/RHSA-2019:2775 https • CWE-400: Uncontrolled Resource Consumption CWE-770: Allocation of Resources Without Limits or Throttling •