Search for packages
Package details: pkg:golang/istio.io/istio@1.5.6
purl pkg:golang/istio.io/istio@1.5.6
Tags Ghost
Next non-vulnerable version None.
Latest non-vulnerable version None.
Risk 4.0
Vulnerabilities affecting this package (4)
Vulnerability Summary Fixed by
VCID-17ev-b3gv-aaak
Aliases:
CVE-2020-12603
Envoy version 1.14.2, 1.13.2, 1.12.4 or earlier may consume excessive amounts of memory when proxying HTTP/2 requests or responses with many small (i.e. 1 byte) data frames. There are no reported fixed by versions.
VCID-jmzf-2r8j-aaaf
Aliases:
CVE-2020-8663
Envoy version 1.14.2, 1.13.2, 1.12.4 or earlier may exhaust file descriptors and/or memory when accepting too many connections. There are no reported fixed by versions.
VCID-ndh8-q9rv-aaad
Aliases:
CVE-2020-12605
Envoy version 1.14.2, 1.13.2, 1.12.4 or earlier may consume excessive amounts of memory when processing HTTP/1.1 headers with long field names or requests with long URLs. There are no reported fixed by versions.
VCID-p7jq-wvxq-aaac
Aliases:
CVE-2020-12604
Envoy version 1.14.2, 1.13.2, 1.12.4 or earlier is susceptible to increased memory usage in the case where an HTTP/2 client requests a large payload but does not send enough window updates to consume the entire stream and does not reset the stream. There are no reported fixed by versions.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version