Malformed HTTP request without the Host header may cause abnormal termination of the Envoy process
Note the alias for this issue is CVE-1019-18838 but should be CVE-2019-18838, I've updated the summary but there appears to be something else to be updated by the security team. Tim added the same comment on 25th November.
External References: https://groups.google.com/forum/#!topic/envoy-users/m7z5fGkCzPI https://github.com/envoyproxy/envoy/security/advisories/GHSA-f2rv-4w6x-rwhc
This issue has been addressed in the following products: Openshift Service Mesh 1.0 OpenShift Service Mesh 1.0 Via RHSA-2019:4222 https://access.redhat.com/errata/RHSA-2019:4222
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2019-18838