vulnerability

VMware Photon OS: CVE-2019-18838

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
5	(AV:N/AC:L/Au:N/C:N/I:N/A:P)	Dec 13, 2019	Jan 20, 2025	Jul 2, 2025

Severity

CVSS

(AV:N/AC:L/Au:N/C:N/I:N/A:P)

Published

Dec 13, 2019

Added

Jan 20, 2025

Modified

Jul 2, 2025

Description

An issue was discovered in Envoy 1.12.0. Upon receipt of a malformed HTTP request without a Host header, it sends an internally generated "Invalid request" response. This internally generated response is dispatched through the configured encoder filter chain before being sent to the client. An encoder filter that invokes route manager APIs that access a request's Host header causes a NULL pointer dereference, resulting in abnormal termination of the Envoy process.

Solution

vmware-photon_os_update_tdnf

References

CVE-2019-18838
https://attackerkb.com/topics/CVE-2019-18838
CWE-476

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today