Envoy through 1.14.1 may consume excessive amounts of memory when processing HTTP/1.1 headers with long field names or requests with long URLs.
Acknowledgments: the Envoy security team
External References: https://istio.io/latest/news/security/istio-security-2020-007/
Upstream commit: https://github.com/envoyproxy/envoy/commit/7ca28ff7d46454ae930e193d97b7d08156b1ba59
This issue has been addressed in the following products:

  OpenShift Service Mesh 1.1

Via RHSA-2020:2798 https://access.redhat.com/errata/RHSA-2020:2798
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2020-12605
This issue has been addressed in the following products:

  OpenShift Service Mesh 1.0

Via RHSA-2020:2864 https://access.redhat.com/errata/RHSA-2020:2864