x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2020-8659

CVE-2020-8659 references [github.com/envoyproxy/envoy](https://github.com/envoyproxy/envoy), which may be a Go module.

Description:
CNCF Envoy through 1.13.0 may consume excessive amounts of memory when proxying HTTP/1.1 requests or responses with many small (i.e. 1 byte) chunks.

References:
- NIST: https://nvd.nist.gov/vuln/detail/CVE-2020-8659
- web: https://www.envoyproxy.io/docs/envoy/v1.13.1/intro/version_history
- advisory: https://github.com/envoyproxy/envoy/security/advisories/GHSA-jwcm-4pwp-c2qv
- web: https://access.redhat.com/errata/RHSA-2020:0734
- web: https://lists.debian.org/debian-lts-announce/2022/05/msg00025.html
- Imported by: https://pkg.go.dev/github.com/envoyproxy/envoy?tab=importedby

Cross references:
- Module github.com/envoyproxy/envoy appears in issue #330  NOT_GO_CODE
- Module github.com/envoyproxy/envoy appears in issue #331  NOT_GO_CODE
- Module github.com/envoyproxy/envoy appears in issue #332  NOT_GO_CODE
- Module github.com/envoyproxy/envoy appears in issue #333  NOT_GO_CODE
- Module github.com/envoyproxy/envoy appears in issue #334  NOT_GO_CODE
- Module github.com/envoyproxy/envoy appears in issue #335  NOT_GO_CODE
- Module github.com/envoyproxy/envoy appears in issue #336  NOT_GO_CODE
- Module github.com/envoyproxy/envoy appears in issue #337  NOT_GO_CODE
- Module github.com/envoyproxy/envoy appears in issue #484  NOT_GO_CODE
- Module github.com/envoyproxy/envoy appears in issue #485  NOT_GO_CODE
- Module github.com/envoyproxy/envoy appears in issue #486  NOT_GO_CODE
- Module github.com/envoyproxy/envoy appears in issue #487  NOT_GO_CODE
- Module github.com/envoyproxy/envoy appears in issue #488  NOT_GO_CODE
- Module github.com/envoyproxy/envoy appears in issue #1690  NOT_GO_CODE
- Module github.com/envoyproxy/envoy appears in issue #1691  NOT_GO_CODE
- Module github.com/envoyproxy/envoy appears in issue #1692  NOT_GO_CODE
- Module github.com/envoyproxy/envoy appears in issue #1693  NOT_GO_CODE
- Module github.com/envoyproxy/envoy appears in issue #1694  NOT_GO_CODE
- Module github.com/envoyproxy/envoy appears in issue #1695  NOT_GO_CODE
- Module github.com/envoyproxy/envoy appears in issue #1917  NOT_GO_CODE
- Module github.com/envoyproxy/envoy appears in issue #1921  NOT_GO_CODE
- Module github.com/envoyproxy/envoy appears in issue #1966  NOT_GO_CODE
- Module github.com/envoyproxy/envoy appears in issue #1968  NOT_GO_CODE
- Module github.com/envoyproxy/envoy appears in issue #1969  NOT_GO_CODE
- Module github.com/envoyproxy/envoy appears in issue #1970  NOT_GO_CODE
- Module github.com/envoyproxy/envoy appears in issue #2106  NOT_GO_CODE


See [doc/triage.md](https://github.com/golang/vulndb/blob/master/doc/triage.md) for instructions on how to triage this report.

```
modules:
    - module: github.com/envoyproxy/envoy
      vulnerable_at: 1.28.0
      packages:
        - package: n/a
cves:
    - CVE-2020-8659
references:
    - web: https://www.envoyproxy.io/docs/envoy/v1.13.1/intro/version_history
    - advisory: https://github.com/envoyproxy/envoy/security/advisories/GHSA-jwcm-4pwp-c2qv
    - web: https://access.redhat.com/errata/RHSA-2020:0734
    - web: https://lists.debian.org/debian-lts-announce/2022/05/msg00025.html

```

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2020-8659 #2307

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2020-8659 #2307

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions