CVE-2019-15226
- Source
- https://cve.org/CVERecord?id=CVE-2019-15226
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-15226.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2019-15226
- Published
- 2019-10-09T16:15:14.687Z
- Modified
- 2025-11-14T09:17:16.260662Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- [none]
- Details
-
Upon receiving each incoming request header data, Envoy will iterate over existing request headers to verify that the total size of the headers stays below a maximum limit. The implementation in versions 1.10.0 through 1.11.1 for HTTP/1.x traffic and all versions of Envoy for HTTP/2 traffic had O(n^2) performance characteristics. A remote attacker may craft a request that stays below the maximum request header size but consists of many thousands of small headers to consume CPU and result in a denial-of-service attack.
- References
Affected packages
Git / github.com/envoyproxy/envoy
Affected ranges
- Type
- GIT
- Repo
- https://github.com/envoyproxy/envoy
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
v1.*
v1.0.0
v1.1.0
v1.10.0
v1.11.0
v1.2.0
v1.3.0
v1.4.0
v1.5.0
v1.6.0
v1.7.0
v1.8.0
v1.9.0
Database specific
source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-15226.json"
vanir_signatures
[
{
"source": "https://github.com/envoyproxy/envoy/commit/afc39bea36fd436e54262f150c009e8d72db5014",
"id": "CVE-2019-15226-02f7141c",
"signature_type": "Line",
"signature_version": "v1",
"target": {
"file": "source/common/http/http1/codec_impl.cc"
},
"deprecated": false,
"digest": {
"line_hashes": [
"105451665236196291749567483192154538747",
"300963400416791336473083580666411977964",
"262783449046671330819805737407166872505",
"124624870439034919538739244975396268989",
"41315103291590425133354224749316070781",
"46897945457107718498796843528942811818",
"223166835335775365087342269973429435703",
"189691477264322981853126117010201187043",
"113242686896289033500132502189302410161"
],
"threshold": 0.9
}
},
{
"source": "https://github.com/envoyproxy/envoy/commit/afc39bea36fd436e54262f150c009e8d72db5014",
"id": "CVE-2019-15226-030fa0a0",
"signature_type": "Function",
"signature_version": "v1",
"target": {
"file": "source/common/http/header_map_impl.cc",
"function": "HeaderMapImpl::removeInline"
},
"deprecated": false,
"digest": {
"function_hash": "111304117939641596727780697816626669047",
"length": 170.0
}
},
{
"source": "https://github.com/envoyproxy/envoy/commit/afc39bea36fd436e54262f150c009e8d72db5014",
"id": "CVE-2019-15226-036a6d70",
"signature_type": "Line",
"signature_version": "v1",
"target": {
"file": "test/integration/http_integration.cc"
},
"deprecated": false,
"digest": {
"line_hashes": [
"10059644438498474643053895761752161609",
"334741074572207257552335947516802648910",
"286303753482885056821046715377081130475",
"123569768188779093843126445859008280122",
"19586270421135939131977225802457128671",
"30253711639117915347191949355485779331",
"169823987587102231889645522303571374712",
"333681123375492835142504130517173022551",
"77013875712117853189417695563421867371",
"137796161230247798243405213741446203393",
"20139123810021678685764506419109743833",
"64426976444555696626539802416500153522",
"52207346557039995626213388210307247631",
"303376811995539331804653905144202965128",
"151606682383514903370917421284173673409",
"273315937862988656838399531613327608359",
"326845304360875777106312005054499595773",
"317540825986888010419605407415828786508",
"92039431263459000803695954308723020134",
"159045988610435631755326720630674827053",
"52275471897006415000129632431241607483",
"112382886026258999097625329875596954784",
"75153701278555948675438980633372453503",
"176616453452848149541293804582324034694"
],
"threshold": 0.9
}
},
{
"source": "https://github.com/envoyproxy/envoy/commit/afc39bea36fd436e54262f150c009e8d72db5014",
"id": "CVE-2019-15226-0d9bfda0",
"signature_type": "Function",
"signature_version": "v1",
"target": {
"file": "test/common/http/header_map_impl_test.cc",
"function": "TEST"
},
"deprecated": false,
"digest": {
"function_hash": "38373499093082445617698275968245911834",
"length": 520.0
}
},
{
"source": "https://github.com/envoyproxy/envoy/commit/afc39bea36fd436e54262f150c009e8d72db5014",
"id": "CVE-2019-15226-0deb5d1c",
"signature_type": "Function",
"signature_version": "v1",
"target": {
"file": "source/common/http/conn_manager_impl.cc",
"function": "ConnectionManagerImpl::ActiveStream::~ActiveStream"
},
"deprecated": false,
"digest": {
"function_hash": "86245537212660782478277928856284240237",
"length": 1292.0
}
},
{
"source": "https://github.com/envoyproxy/envoy/commit/afc39bea36fd436e54262f150c009e8d72db5014",
"id": "CVE-2019-15226-0efbb2b1",
"signature_type": "Line",
"signature_version": "v1",
"target": {
"file": "test/integration/protocol_integration_test.cc"
},
"deprecated": false,
"digest": {
"line_hashes": [
"144839456349141162143362420853259678755",
"313810802057028059847533436407532338139",
"66941182083191899370284936959081980418",
"11340389020688917357858991935676641555",
"145295170516418543557386254602679851911",
"103380095595225789032269411218484691408"
],
"threshold": 0.9
}
},
{
"source": "https://github.com/envoyproxy/envoy/commit/afc39bea36fd436e54262f150c009e8d72db5014",
"id": "CVE-2019-15226-11c6efcc",
"signature_type": "Function",
"signature_version": "v1",
"target": {
"file": "source/common/router/router.cc",
"function": "Filter::UpstreamRequest::~UpstreamRequest"
},
"deprecated": false,
"digest": {
"function_hash": "322540361339413402656763054650994401066",
"length": 656.0
}
},
{
"source": "https://github.com/envoyproxy/envoy/commit/afc39bea36fd436e54262f150c009e8d72db5014",
"id": "CVE-2019-15226-164fb90e",
"signature_type": "Function",
"signature_version": "v1",
"target": {
"file": "source/extensions/filters/http/rbac/rbac_filter.cc",
"function": "RoleBasedAccessControlFilter::decodeHeaders"
},
"deprecated": false,
"digest": {
"function_hash": "298752258396850761484758042918187691821",
"length": 2567.0
}
},
{
"source": "https://github.com/envoyproxy/envoy/commit/afc39bea36fd436e54262f150c009e8d72db5014",
"id": "CVE-2019-15226-18ad670d",
"signature_type": "Function",
"signature_version": "v1",
"target": {
"file": "source/common/http/header_map_impl.cc",
"function": "HeaderMapImpl::maybeCreateInline"
},
"deprecated": false,
"digest": {
"function_hash": "81834504723890414966312029717597463245",
"length": 294.0
}
},
{
"source": "https://github.com/envoyproxy/envoy/commit/afc39bea36fd436e54262f150c009e8d72db5014",
"id": "CVE-2019-15226-194c4199",
"signature_type": "Function",
"signature_version": "v1",
"target": {
"file": "source/common/http/header_map_impl.cc",
"function": "HeaderMapImpl::byteSize"
},
"deprecated": false,
"digest": {
"function_hash": "2041885908650806621336444036566946299",
"length": 204.0
}
},
{
"source": "https://github.com/envoyproxy/envoy/commit/afc39bea36fd436e54262f150c009e8d72db5014",
"id": "CVE-2019-15226-1d3a24e1",
"signature_type": "Function",
"signature_version": "v1",
"target": {
"file": "source/common/http/http2/codec_impl.cc",
"function": "ConnectionImpl::onFrameReceived"
},
"deprecated": false,
"digest": {
"function_hash": "18383572345759488019406697847832996291",
"length": 2522.0
}
},
{
"source": "https://github.com/envoyproxy/envoy/commit/afc39bea36fd436e54262f150c009e8d72db5014",
"id": "CVE-2019-15226-1e48ffcd",
"signature_type": "Function",
"signature_version": "v1",
"target": {
"file": "source/common/http/header_map_impl.cc",
"function": "HeaderMapImpl::addCopy"
},
"deprecated": false,
"digest": {
"function_hash": "204903865336026053364778573279943371817",
"length": 512.0
}
},
{
"source": "https://github.com/envoyproxy/envoy/commit/afc39bea36fd436e54262f150c009e8d72db5014",
"id": "CVE-2019-15226-2677f7e5",
"signature_type": "Function",
"signature_version": "v1",
"target": {
"file": "source/common/http/header_map_impl.cc",
"function": "HeaderMapImpl::appendToHeader"
},
"deprecated": false,
"digest": {
"function_hash": "76802703477754862206310664648992242296",
"length": 229.0
}
},
{
"source": "https://github.com/envoyproxy/envoy/commit/afc39bea36fd436e54262f150c009e8d72db5014",
"id": "CVE-2019-15226-285a074c",
"signature_type": "Function",
"signature_version": "v1",
"target": {
"file": "test/common/http/header_map_impl_test.cc",
"function": "TEST"
},
"deprecated": false,
"digest": {
"function_hash": "172095488116966236497406461563499799113",
"length": 205.0
}
},
{
"source": "https://github.com/envoyproxy/envoy/commit/afc39bea36fd436e54262f150c009e8d72db5014",
"id": "CVE-2019-15226-2b8e2099",
"signature_type": "Function",
"signature_version": "v1",
"target": {
"file": "test/common/http/conn_manager_impl_test.cc",
"function": "TEST_F"
},
"deprecated": false,
"digest": {
"function_hash": "102260595139867367711573662423464770453",
"length": 902.0
}
},
{
"source": "https://github.com/envoyproxy/envoy/commit/afc39bea36fd436e54262f150c009e8d72db5014",
"id": "CVE-2019-15226-2ba9a83b",
"signature_type": "Line",
"signature_version": "v1",
"target": {
"file": "source/common/router/router.cc"
},
"deprecated": false,
"digest": {
"line_hashes": [
"76140208582611652010711151103264378677",
"269098574286907504537571502013384559428",
"26438219059630374402866430400823795533",
"325052572969969508375234350152023548252"
],
"threshold": 0.9
}
},
{
"source": "https://github.com/envoyproxy/envoy/commit/afc39bea36fd436e54262f150c009e8d72db5014",
"id": "CVE-2019-15226-2c25654b",
"signature_type": "Function",
"signature_version": "v1",
"target": {
"file": "test/common/http/header_map_impl_test.cc",
"function": "TEST"
},
"deprecated": false,
"digest": {
"function_hash": "286516080147091598387034319247972707403",
"length": 1193.0
}
},
{
"source": "https://github.com/envoyproxy/envoy/commit/afc39bea36fd436e54262f150c009e8d72db5014",
"id": "CVE-2019-15226-2c8f1b8a",
"signature_type": "Line",
"signature_version": "v1",
"target": {
"file": "source/extensions/filters/common/expr/context.cc"
},
"deprecated": false,
"digest": {
"line_hashes": [
"145861795172770152396336130370022078572",
"60770706676195788180035866348668378690",
"20123253390597104985688600268241335828",
"209518577441708421808155252292084755474"
],
"threshold": 0.9
}
},
{
"source": "https://github.com/envoyproxy/envoy/commit/afc39bea36fd436e54262f150c009e8d72db5014",
"id": "CVE-2019-15226-2f48f4fe",
"signature_type": "Function",
"signature_version": "v1",
"target": {
"file": "source/common/http/http1/codec_impl.cc",
"function": "ConnectionImpl::onHeaderValue"
},
"deprecated": false,
"digest": {
"function_hash": "258609210455591712025198010791672433754",
"length": 1067.0
}
},
{
"source": "https://github.com/envoyproxy/envoy/commit/afc39bea36fd436e54262f150c009e8d72db5014",
"id": "CVE-2019-15226-30032d22",
"signature_type": "Line",
"signature_version": "v1",
"target": {
"file": "source/common/http/http2/codec_impl.cc"
},
"deprecated": false,
"digest": {
"line_hashes": [
"167743222243694596978124956881162633330",
"186883341530713090607574945843228836846",
"103737240615581185991933712970021765421",
"28746098411786336849773039991332510798",
"16984119518436393139960390878973409478",
"35739515645589980962247474198542148655",
"235663395761233403369044499140987726277",
"6017857596325531889408277931550364867",
"202161776368446411814679698793214034226",
"27254673308048631650051693799381752777",
"21044020897370872475960067253913456705",
"229396217009137547330572552385838789316",
"50197592846317602339325649794800846803"
],
"threshold": 0.9
}
},
{
"source": "https://github.com/envoyproxy/envoy/commit/afc39bea36fd436e54262f150c009e8d72db5014",
"id": "CVE-2019-15226-395e1dc3",
"signature_type": "Function",
"signature_version": "v1",
"target": {
"file": "source/common/http/http2/codec_impl.cc",
"function": "ConnectionImpl::saveHeader"
},
"deprecated": false,
"digest": {
"function_hash": "122495206680648020326642705577396714655",
"length": 471.0
}
},
{
"source": "https://github.com/envoyproxy/envoy/commit/afc39bea36fd436e54262f150c009e8d72db5014",
"id": "CVE-2019-15226-3d646028",
"signature_type": "Function",
"signature_version": "v1",
"target": {
"file": "source/extensions/access_loggers/grpc/http_grpc_access_log_impl.cc",
"function": "HttpGrpcAccessLog::emitLog"
},
"deprecated": false,
"digest": {
"function_hash": "197408923276997060131372883350892725395",
"length": 3660.0
}
},
{
"source": "https://github.com/envoyproxy/envoy/commit/afc39bea36fd436e54262f150c009e8d72db5014",
"id": "CVE-2019-15226-3f7e3759",
"signature_type": "Line",
"signature_version": "v1",
"target": {
"file": "include/envoy/http/header_map.h"
},
"deprecated": false,
"digest": {
"line_hashes": [
"119278307258120192685242371077891143983",
"200872826263850056836623882639907551623",
"7104307586827214829792326075192219490",
"192756140258409724353999703868807642410"
],
"threshold": 0.9
}
},
{
"source": "https://github.com/envoyproxy/envoy/commit/afc39bea36fd436e54262f150c009e8d72db5014",
"id": "CVE-2019-15226-42e899a1",
"signature_type": "Function",
"signature_version": "v1",
"target": {
"file": "test/common/http/header_map_impl_test.cc",
"function": "TEST"
},
"deprecated": false,
"digest": {
"function_hash": "183050295957377134544866426698598335571",
"length": 819.0
}
},
{
"source": "https://github.com/envoyproxy/envoy/commit/afc39bea36fd436e54262f150c009e8d72db5014",
"id": "CVE-2019-15226-491282ff",
"signature_type": "Function",
"signature_version": "v1",
"target": {
"file": "source/common/http/header_map_impl.cc",
"function": "HeaderMapImpl::get"
},
"deprecated": false,
"digest": {
"function_hash": "99171280403078624483491948644776130518",
"length": 200.0
}
},
{
"source": "https://github.com/envoyproxy/envoy/commit/afc39bea36fd436e54262f150c009e8d72db5014",
"id": "CVE-2019-15226-4bbd775e",
"signature_type": "Line",
"signature_version": "v1",
"target": {
"file": "source/common/http/conn_manager_impl.cc"
},
"deprecated": false,
"digest": {
"line_hashes": [
"35764316946805844317499772620035786410",
"339561743201034227196184271668120284674",
"309437697408835963435491344750418848567",
"55487556338234380101389120582211698424",
"65044831946815701418916060734694257496",
"34717998718497558311707462820480728943",
"48032060501509617061146108499893097700",
"299864582514854261898474149006641731932",
"263940894846030156297300886573999615961",
"243329305109373836229521595097902878488",
"147646181300052082512493753827072359915",
"305925884065262682990730192640184398035",
"16943574444131170494925679928097884339",
"21405223589787100622024935091375483803"
],
"threshold": 0.9
}
},
{
"source": "https://github.com/envoyproxy/envoy/commit/afc39bea36fd436e54262f150c009e8d72db5014",
"id": "CVE-2019-15226-4bf2a489",
"signature_type": "Function",
"signature_version": "v1",
"target": {
"file": "test/common/http/http2/codec_impl_test.cc",
"function": "TEST_P"
},
"deprecated": false,
"digest": {
"function_hash": "78964616097945204564391353947532275328",
"length": 482.0
}
},
{
"source": "https://github.com/envoyproxy/envoy/commit/afc39bea36fd436e54262f150c009e8d72db5014",
"id": "CVE-2019-15226-4db8c88a",
"signature_type": "Function",
"signature_version": "v1",
"target": {
"file": "source/common/http/conn_manager_impl.cc",
"function": "ConnectionManagerImpl::ActiveStream::decodeHeaders"
},
"deprecated": false,
"digest": {
"function_hash": "49328374624067641086246148055799718288",
"length": 6862.0
}
},
{
"source": "https://github.com/envoyproxy/envoy/commit/afc39bea36fd436e54262f150c009e8d72db5014",
"id": "CVE-2019-15226-504cc09b",
"signature_type": "Function",
"signature_version": "v1",
"target": {
"file": "test/common/http/header_map_impl_test.cc",
"function": "TEST"
},
"deprecated": false,
"digest": {
"function_hash": "122266747002886865875015753724884295330",
"length": 480.0
}
},
{
"source": "https://github.com/envoyproxy/envoy/commit/afc39bea36fd436e54262f150c009e8d72db5014",
"id": "CVE-2019-15226-546e990e",
"signature_type": "Function",
"signature_version": "v1",
"target": {
"file": "test/common/http/header_map_impl_test.cc",
"function": "TEST"
},
"deprecated": false,
"digest": {
"function_hash": "142382172143047791348540314075114043449",
"length": 1103.0
}
},
{
"source": "https://github.com/envoyproxy/envoy/commit/afc39bea36fd436e54262f150c009e8d72db5014",
"id": "CVE-2019-15226-6562cb1f",
"signature_type": "Line",
"signature_version": "v1",
"target": {
"file": "test/common/http/conn_manager_impl_test.cc"
},
"deprecated": false,
"digest": {
"line_hashes": [
"185902965570235735601426005943845691902",
"211413125884861691685325918929994603940",
"197045542442432072904072030932391903645",
"106507437359400465812125410401264875294",
"140723952141785249540032907824107193780",
"161810201089360452210246300220394975495",
"39146930944087603056837558868675011313",
"162338880807218458199481962299729467677",
"84988327281741637550801814518288891754",
"194122800954671776090427206653558924950",
"151330251367464254842401834126340083509",
"188562969585448897136211092087393027209",
"1498841973274693986730840303491670835",
"308659122597686196999006324677094461426",
"43062087935822206101405996030135696231",
"249860009403398926531812217105287024216",
"2613078437943440827477721419561883483",
"109215422382861960815752537742245188842",
"100466950602119919227811343128060270614",
"228631274742905037067527462009274194136",
"36339810754036509740344199170707914836",
"264249441338335966041423980154756260732",
"125658595921088370737771491951511707726",
"37513374765226227962216218920741017803",
"311075221701368551919994520938494711204",
"312765037665360501836760703371463681051",
"223429505810267715596549129017454477030",
"162338880807218458199481962299729467677",
"84988327281741637550801814518288891754",
"151167317317926940389046987428027176013",
"243723476836049349538358709076274635261",
"328104749908575622415264297984590910160",
"139263291963730642334047425106364442490",
"2613078437943440827477721419561883483",
"109215422382861960815752537742245188842",
"103967339077579124681523572548525231841",
"114858106852897319313948762026235882843",
"143653710502404238430964299121883437805",
"212910732636088679833999628428177198409"
],
"threshold": 0.9
}
},
{
"source": "https://github.com/envoyproxy/envoy/commit/afc39bea36fd436e54262f150c009e8d72db5014",
"id": "CVE-2019-15226-68245f80",
"signature_type": "Line",
"signature_version": "v1",
"target": {
"file": "source/common/http/header_map_impl.h"
},
"deprecated": false,
"digest": {
"line_hashes": [
"77137576336446704216057769715003143133",
"309244906438064003461556030654964118271",
"191174324518553850106575428757288680016",
"19001011989187102029264950124339125233",
"166241285512622401454789122603946674908",
"279171101412935341138372550274574342467",
"277328276285998801159513280240377928920",
"175061160890263636566995308535677435506",
"73848775402244898437109394177872572638",
"241956355556386251543926841406372223083",
"8968277276112332316612941009863434182",
"328907028976500140634760082176988161614",
"51091139838602747150298920284681674419",
"246547475635753267386909827219438287317",
"72066605608860274931052484497190910979",
"36380585019310511214008011483540152309",
"10063771722352290113750124878578898142",
"259184380318662937674941558316820504151",
"202951903498193942405501613936268123770",
"116096274285736787283847776833450469644",
"216354574517340760283220038270334825632"
],
"threshold": 0.9
}
},
{
"source": "https://github.com/envoyproxy/envoy/commit/afc39bea36fd436e54262f150c009e8d72db5014",
"id": "CVE-2019-15226-68e41888",
"signature_type": "Function",
"signature_version": "v1",
"target": {
"file": "source/common/http/http1/codec_impl.cc",
"function": "ConnectionImpl::onHeadersCompleteBase"
},
"deprecated": false,
"digest": {
"function_hash": "218474064794791823666974597483669917591",
"length": 1327.0
}
},
{
"source": "https://github.com/envoyproxy/envoy/commit/afc39bea36fd436e54262f150c009e8d72db5014",
"id": "CVE-2019-15226-699b3a90",
"signature_type": "Function",
"signature_version": "v1",
"target": {
"file": "source/common/http/header_map_impl.cc",
"function": "HeaderMapImpl::insertByKey"
},
"deprecated": false,
"digest": {
"function_hash": "286712255036847353435150887755473334137",
"length": 580.0
}
},
{
"source": "https://github.com/envoyproxy/envoy/commit/afc39bea36fd436e54262f150c009e8d72db5014",
"id": "CVE-2019-15226-71ea4c50",
"signature_type": "Function",
"signature_version": "v1",
"target": {
"file": "source/common/http/header_map_impl.cc",
"function": "HeaderMapImpl::removePrefix"
},
"deprecated": false,
"digest": {
"function_hash": "106868505598327599547253507426330290653",
"length": 484.0
}
},
{
"source": "https://github.com/envoyproxy/envoy/commit/afc39bea36fd436e54262f150c009e8d72db5014",
"id": "CVE-2019-15226-720c3170",
"signature_type": "Line",
"signature_version": "v1",
"target": {
"file": "test/common/http/header_map_impl_test.cc"
},
"deprecated": false,
"digest": {
"line_hashes": [
"22452247847739715485822428899173266760",
"322046770267555914248899194753863459744",
"177078115575717902243483919115400746363",
"176696308931093126345423518679477099410",
"158125708155534525231342017463846443499",
"230436794445906033492697334787177054292",
"277779325843692546670295944974318193963",
"57452530784194520097278438208320744916",
"198963292970854079372964751337277069013",
"238370389570812193151579764957796807188",
"267665038341839795824829393626360748854",
"175524445926027790487638483397906048215",
"9094746971224783088595801511646054084",
"145809473818046883577784715440845778218",
"116026299242527718079778037667142700539",
"339077392320099918260384623590535140320",
"68575099386164705585297670168403195977",
"7347369982269985992609966372112996306",
"87636393707462753998342257114628059428",
"197583098432668797096513958155590501900",
"163815678875153138834724475516760050052",
"221033930334134749334535145900853848266",
"7347369982269985992609966372112996306",
"87636393707462753998342257114628059428",
"197583098432668797096513958155590501900",
"51514434603626580052825072148373869112",
"19634011039689135197216574996380671095",
"280350657707633938328765530381705573141",
"288493948083688182350529824178009737861",
"210333131854676882359383204173994233709",
"339731824451009623643296645593997783560",
"205295697781107892114163857519384039639",
"68774487764990141242931564718272249780",
"216256261228314795728060429261244930614",
"199749100569874580515599794707113723427",
"221673556400114634310858805197462687824",
"305120653940470660351096759808702472704",
"10280477619979378462523416610253912",
"266625945192416980008221926126015150844",
"52204640257156623953873620239097513799",
"35814811508482891394964785372202647277",
"197583098432668797096513958155590501900",
"206345779148039027739721278997038662270",
"249098285626466800416122900483174056045",
"31851631261343094846802298181677505932",
"330854722454591177216688963501321546892",
"170501286600201191000447146219931037609",
"198040245012012873431186913025576976918",
"320864416287991652933591868346017795417",
"188649250470394012027267308132131384976",
"177161376900208091352126685581354430571",
"85252399983978937517519911056020291096",
"32065422190968893756476540959287739971",
"216521646101835272332972366491961456734",
"185526135221733674763158153513210566563",
"53401786290967595505329142212255780778",
"27585920556029362891211371159998784741",
"186396312981373804312513700418277282600",
"240270536928115271676937158426285410908",
"324881719563639286636431117038977613356",
"114947628104912114543691358404605315375",
"236207306942404601404728418359778225186",
"221022879801451346391661446857839591350",
"328863858079511193254933544797255891013",
"301067306831291385676722049222964792100",
"204440018102292005795179083124549583787",
"3956777143180251737634366215096415771",
"66780274815080259942387976818538512428",
"72847906921759811631344889164944600945",
"263986005062611790584353661208058507525",
"149660671636166410484517969874400459144",
"89341086664822894486825900319679503910",
"214582687560744644849685594265640598132",
"185263638818698750596383462847700648640",
"75233646378196047731927697088938316483",
"303759409387441298323537810131521142213",
"201832791654933123637936360479591720506",
"40929766955305529934488466654626334610",
"278520950267772335572128151536815983836",
"24064612551961508641610499818449441777",
"226058641513843307980969140424304288078",
"10105629356853132674338351995119284787",
"14030531537342295040365085793148346525",
"211852937071400969683877489864008659290",
"55347179320866462172220975958231177204",
"87511035564625266090072576999116601635",
"213638561778100618233298278574101456681",
"209340181303431598278897893736769305568",
"102576343325384239972790351361687685332",
"222277266990431073673735832913270509605",
"215308212486506607237126312998977023990",
"128517659385540035287072841275482232367",
"218800465198868929817351476796737888591",
"48097074683491718669428662820840481739",
"295259469479891839646389653555704902120",
"206751190244320586630198087039872908306",
"120405746855914294048173359467760569249",
"190618231312777903410954254232355867555",
"218520154726700128005145842995989811895",
"35130704842677581428622226813560539844",
"329749294187954724211461150590687494797",
"335463695383531512839161525933043497873",
"74723963388956560939013064494110971021",
"1163452201378744130867496049321574065",
"52110671207895830960696616882746882446",
"249349619697658039840603546034597520104",
"117659136304110850183870210988164434616",
"177644133430953320022215865315539876109",
"223775350279560986907819698777597720960",
"301259379399689109282102906438562352958",
"63954590307918594569598587442925860350",
"143662504554058222179167904776305221057",
"127071196989729128746001086641162847039",
"30187829782713436902200396709657859167",
"199627305334398852120286114117442502462",
"170682477533567388768856846832206097978",
"329985012184116050562142335590191907108",
"63642350644632309298754063967590276467"
],
"threshold": 0.9
}
},
{
"source": "https://github.com/envoyproxy/envoy/commit/afc39bea36fd436e54262f150c009e8d72db5014",
"id": "CVE-2019-15226-77d8a285",
"signature_type": "Line",
"signature_version": "v1",
"target": {
"file": "source/extensions/filters/http/rbac/rbac_filter.cc"
},
"deprecated": false,
"digest": {
"line_hashes": [
"82487334753024727337936054729687677098",
"262539341151750292049644540141570397837",
"192149238796297559956060656255124574018",
"323143369115166103216293006452472904399",
"208692365475673316741965138907748769236",
"35601628426525282206885506619494851701",
"250580336415657570355862148804484960537",
"186490204317909110869149660544591644649"
],
"threshold": 0.9
}
},
{
"source": "https://github.com/envoyproxy/envoy/commit/afc39bea36fd436e54262f150c009e8d72db5014",
"id": "CVE-2019-15226-7c90f78f",
"signature_type": "Line",
"signature_version": "v1",
"target": {
"file": "source/extensions/access_loggers/grpc/http_grpc_access_log_impl.cc"
},
"deprecated": false,
"digest": {
"line_hashes": [
"184206089705716692287115210561204532076",
"149110845407613733666872607273855392346",
"35681193302971267440858909008316228153",
"18821883995186885848592619714234655601",
"41240752710823810188403289742864676204",
"177224368837147568270380200592342441643",
"195189928966908290527517782131536286680",
"37083305954759589434547383171480264024"
],
"threshold": 0.9
}
},
{
"source": "https://github.com/envoyproxy/envoy/commit/afc39bea36fd436e54262f150c009e8d72db5014",
"id": "CVE-2019-15226-8644c8f9",
"signature_type": "Function",
"signature_version": "v1",
"target": {
"file": "test/integration/http_integration.cc",
"function": "HttpIntegrationTest::waitForNextUpstreamRequest"
},
"deprecated": false,
"digest": {
"function_hash": "148946572061309626343434824618156484301",
"length": 711.0
}
},
{
"source": "https://github.com/envoyproxy/envoy/commit/afc39bea36fd436e54262f150c009e8d72db5014",
"id": "CVE-2019-15226-93067693",
"signature_type": "Function",
"signature_version": "v1",
"target": {
"file": "source/common/http/header_map_impl.cc",
"function": "HeaderMapImpl::addCopy"
},
"deprecated": false,
"digest": {
"function_hash": "54459808058826654764520464921317060552",
"length": 477.0
}
},
{
"source": "https://github.com/envoyproxy/envoy/commit/afc39bea36fd436e54262f150c009e8d72db5014",
"id": "CVE-2019-15226-94e98644",
"signature_type": "Line",
"signature_version": "v1",
"target": {
"file": "test/common/http/http2/codec_impl_test.cc"
},
"deprecated": false,
"digest": {
"line_hashes": [
"291767897729131236287408416089336180680",
"10822169321015429629600460836065041286",
"280840079117522623241484717001780080692",
"257074014032281623262283146912498436764",
"280727817915797724025130780925336075611",
"33875081372993861064924719093721685887",
"336849389084370518856509533272148816637",
"309313634213919959794600987356075491903",
"337804666798086706614977240119046102241",
"331937724437529518048900120578759003798",
"278000092577812826050695039907987002616"
],
"threshold": 0.9
}
},
{
"source": "https://github.com/envoyproxy/envoy/commit/afc39bea36fd436e54262f150c009e8d72db5014",
"id": "CVE-2019-15226-9b3b1e1d",
"signature_type": "Function",
"signature_version": "v1",
"target": {
"file": "test/integration/http_integration.cc",
"function": "HttpIntegrationTest::sendRequestAndWaitForResponse"
},
"deprecated": false,
"digest": {
"function_hash": "43159688972698702753108499893581019128",
"length": 540.0
}
},
{
"source": "https://github.com/envoyproxy/envoy/commit/afc39bea36fd436e54262f150c009e8d72db5014",
"id": "CVE-2019-15226-a84c579b",
"signature_type": "Function",
"signature_version": "v1",
"target": {
"file": "test/common/http/header_map_impl_test.cc",
"function": "TEST"
},
"deprecated": false,
"digest": {
"function_hash": "183558115359622336758041348517026063302",
"length": 271.0
}
},
{
"source": "https://github.com/envoyproxy/envoy/commit/afc39bea36fd436e54262f150c009e8d72db5014",
"id": "CVE-2019-15226-a91668e5",
"signature_type": "Function",
"signature_version": "v1",
"target": {
"file": "test/common/http/header_map_impl_test.cc",
"function": "TEST"
},
"deprecated": false,
"digest": {
"function_hash": "133389140480701011260428946376791499341",
"length": 7091.0
}
},
{
"source": "https://github.com/envoyproxy/envoy/commit/afc39bea36fd436e54262f150c009e8d72db5014",
"id": "CVE-2019-15226-b9b922a6",
"signature_type": "Function",
"signature_version": "v1",
"target": {
"file": "source/extensions/filters/common/expr/context.cc",
"function": "operator[]"
},
"deprecated": false,
"digest": {
"function_hash": "308887503496479711703546222810546086701",
"length": 1878.0
}
},
{
"source": "https://github.com/envoyproxy/envoy/commit/afc39bea36fd436e54262f150c009e8d72db5014",
"id": "CVE-2019-15226-bde15d23",
"signature_type": "Function",
"signature_version": "v1",
"target": {
"file": "test/common/http/conn_manager_impl_test.cc",
"function": "TEST_F"
},
"deprecated": false,
"digest": {
"function_hash": "246471366175467242062355546884858349681",
"length": 709.0
}
},
{
"source": "https://github.com/envoyproxy/envoy/commit/afc39bea36fd436e54262f150c009e8d72db5014",
"id": "CVE-2019-15226-c4978e0d",
"signature_type": "Line",
"signature_version": "v1",
"target": {
"file": "test/integration/http2_integration_test.cc"
},
"deprecated": false,
"digest": {
"line_hashes": [
"234884055004117809220301433743603651458",
"325159114023839894482756899280722047284",
"275515064604680779028197551834639614407"
],
"threshold": 0.9
}
},
{
"source": "https://github.com/envoyproxy/envoy/commit/afc39bea36fd436e54262f150c009e8d72db5014",
"id": "CVE-2019-15226-c893d0d9",
"signature_type": "Function",
"signature_version": "v1",
"target": {
"file": "test/common/http/header_map_impl_test.cc",
"function": "TEST"
},
"deprecated": false,
"digest": {
"function_hash": "301333208195968395735738587250285889918",
"length": 1459.0
}
},
{
"source": "https://github.com/envoyproxy/envoy/commit/afc39bea36fd436e54262f150c009e8d72db5014",
"id": "CVE-2019-15226-cf14f023",
"signature_type": "Function",
"signature_version": "v1",
"target": {
"file": "test/common/http/header_map_impl_test.cc",
"function": "TEST"
},
"deprecated": false,
"digest": {
"function_hash": "158553517830104260288979199119342967628",
"length": 476.0
}
},
{
"source": "https://github.com/envoyproxy/envoy/commit/afc39bea36fd436e54262f150c009e8d72db5014",
"id": "CVE-2019-15226-d0884eb3",
"signature_type": "Function",
"signature_version": "v1",
"target": {
"file": "test/common/http/header_map_impl_test.cc",
"function": "TEST"
},
"deprecated": false,
"digest": {
"function_hash": "150764512409266404449452648612432435853",
"length": 307.0
}
},
{
"source": "https://github.com/envoyproxy/envoy/commit/afc39bea36fd436e54262f150c009e8d72db5014",
"id": "CVE-2019-15226-d213e07b",
"signature_type": "Line",
"signature_version": "v1",
"target": {
"file": "source/common/http/header_map_impl.cc"
},
"deprecated": false,
"digest": {
"line_hashes": [
"327774175556097362163703975154518701064",
"75738890847293468119375771312440827944",
"246999075898552802108556473200308304311",
"14992035806810861645532915193900375620",
"137892366549752207865713464392846058852",
"220509411951066757192786183215548121590",
"178562796247199700992986729914070677673",
"107918919513222806800943303935834545763",
"255729257105700046504452473664717647945",
"185459908403497826867535577075207066123",
"337066694916297780453191380375558827111",
"180554454790862000271657477145572114393",
"327618639220910618581387704668711810439",
"127435886001805558286593601660136500599",
"202193765587633851577567721097311045591",
"115564864510387068593602922901325435832",
"197787323330510882285639906209994232230",
"146989710420120523464653008672212548256",
"293477685556026481213310997782411536014",
"311975511836295867366201684937552411414",
"46032461772231707238105979448479889977",
"175127681152896621267201884539638414282",
"33886886727076422113277937520548279366",
"69574112763199681154989026468615353336",
"79503164301616606478787118194128554279",
"142244263308289809981036426458295031994",
"171813444547202779983938894430164443276",
"194443263643310246154594577839523792195",
"263247206111009946450509893234219156732",
"117557867855453352230116221942154021041",
"71258832623451265454684416447778337413",
"179883625117552713640059166626869113973",
"272208662806187432224207138267462001744",
"5149861815164447358952450979495692375",
"254361760992955440071333842726443509307",
"66073139944245520477337066285121236192",
"279928363478250820359591584704357685448",
"233061633652983299902591947182532137125",
"320245642371632440426707098530296895964",
"202747458060384331087559050526991681183",
"163064713998160861840847775545928191014",
"320878198657280395784936125194561094294",
"24943306773789344818367918390715924527",
"241147259615391143041294767539174758550",
"38498509258110645399048257408641651755",
"84384048010243524709773201940096203315",
"79806308396093866301377162255488309144",
"10894900166916229191274151071775384880",
"44141991404755857367187037714538195280",
"245848601153504550214640025129185151667",
"254089720392315346747790111937055588312",
"62414669406408639782929653788135931609",
"11477195174317096384097204150468730444",
"30578923507781599240323526673394735293",
"333063421983075998980831954177674468512",
"55124627789768267560375570763924334608",
"322805856484656149097824213471736993433",
"257826809544944298460663474905416226849",
"157653863378033228130146151776953116309",
"243478991496368284877527498145153790587",
"76506974713918516417817293172828645227",
"316238892669357806391188070681884995950",
"338102025923319349013292578328483911307",
"123729871493361016098816429728483812457",
"66476586055231839357229158472952869344",
"1634376998886029319493544631822350760",
"221240854088856691474167900162721708581",
"22374404689325251366718766623329590756",
"176734800661251580716203819168128809185",
"181196570253688205998869173457806200203",
"7941742875002151379496635261005785715"
],
"threshold": 0.9
}
},
{
"source": "https://github.com/envoyproxy/envoy/commit/afc39bea36fd436e54262f150c009e8d72db5014",
"id": "CVE-2019-15226-d3c9d0be",
"signature_type": "Line",
"signature_version": "v1",
"target": {
"file": "test/integration/http_integration.h"
},
"deprecated": false,
"digest": {
"line_hashes": [
"24389552087182175685940042617529299761",
"146397607961816593367373104097253639995",
"186343765496445947935591273229098341556",
"22373941150731108193580395529013808644",
"306540044087637700663012418032328166881",
"51155883589170658062000337572340482010",
"97755627392771161418161468464827678336",
"283818102911791242247408864880747265852",
"81271352844807599842525132291457754746",
"296388325724362344930622082311815171847",
"8454034170896937834917234578158394674",
"297342210041901617520530842271471105961",
"227374282422040693970467451368749044786",
"40776240704745797429043888362019258774",
"10610326019995448596022010740301819233"
],
"threshold": 0.9
}
},
{
"source": "https://github.com/envoyproxy/envoy/commit/afc39bea36fd436e54262f150c009e8d72db5014",
"id": "CVE-2019-15226-d4b1b7c6",
"signature_type": "Function",
"signature_version": "v1",
"target": {
"file": "test/integration/http_integration.cc",
"function": "HttpIntegrationTest::waitForNextUpstreamRequest"
},
"deprecated": false,
"digest": {
"function_hash": "20179780687013323797480235970698458820",
"length": 146.0
}
},
{
"source": "https://github.com/envoyproxy/envoy/commit/afc39bea36fd436e54262f150c009e8d72db5014",
"id": "CVE-2019-15226-dabed505",
"signature_type": "Function",
"signature_version": "v1",
"target": {
"file": "source/common/http/http2/codec_impl.cc",
"function": "ConnectionImpl::onFrameSend"
},
"deprecated": false,
"digest": {
"function_hash": "292189807792039144006378432059700473623",
"length": 785.0
}
},
{
"source": "https://github.com/envoyproxy/envoy/commit/afc39bea36fd436e54262f150c009e8d72db5014",
"id": "CVE-2019-15226-e7fa106b",
"signature_type": "Function",
"signature_version": "v1",
"target": {
"file": "source/common/http/header_map_impl.cc",
"function": "HeaderMapImpl::addViaMove"
},
"deprecated": false,
"digest": {
"function_hash": "230146202828023572707679536629776283066",
"length": 324.0
}
},
{
"source": "https://github.com/envoyproxy/envoy/commit/afc39bea36fd436e54262f150c009e8d72db5014",
"id": "CVE-2019-15226-eac6b5f3",
"signature_type": "Function",
"signature_version": "v1",
"target": {
"file": "source/common/http/header_map_impl.cc",
"function": "HeaderMapImpl::remove"
},
"deprecated": false,
"digest": {
"function_hash": "6212229920990723268045034677561910033",
"length": 444.0
}
},
{
"source": "https://github.com/envoyproxy/envoy/commit/afc39bea36fd436e54262f150c009e8d72db5014",
"id": "CVE-2019-15226-eacc621f",
"signature_type": "Function",
"signature_version": "v1",
"target": {
"file": "test/common/http/header_map_impl_test.cc",
"function": "TEST"
},
"deprecated": false,
"digest": {
"function_hash": "98806222979092203582266767205418993765",
"length": 1194.0
}
},
{
"source": "https://github.com/envoyproxy/envoy/commit/afc39bea36fd436e54262f150c009e8d72db5014",
"id": "CVE-2019-15226-eb93d97b",
"signature_type": "Function",
"signature_version": "v1",
"target": {
"file": "test/common/http/header_map_impl_speed_test.cc",
"function": "HeaderMapImplGetByteSize"
},
"deprecated": false,
"digest": {
"function_hash": "167261409319143442149952868456516469280",
"length": 204.0
}
},
{
"source": "https://github.com/envoyproxy/envoy/commit/afc39bea36fd436e54262f150c009e8d72db5014",
"id": "CVE-2019-15226-ec8d993c",
"signature_type": "Line",
"signature_version": "v1",
"target": {
"file": "test/common/http/header_map_impl_speed_test.cc"
},
"deprecated": false,
"digest": {
"line_hashes": [
"74962995785413153768715932762862528597",
"13765685572425148658054442752840193982",
"162280532145842868217296438800545920062",
"275137048994256677442551691174627939450"
],
"threshold": 0.9
}
},
{
"source": "https://github.com/envoyproxy/envoy/commit/afc39bea36fd436e54262f150c009e8d72db5014",
"id": "CVE-2019-15226-f34e856f",
"signature_type": "Function",
"signature_version": "v1",
"target": {
"file": "source/common/http/header_map_impl.cc",
"function": "HeaderMapImpl::maybeCreateInline"
},
"deprecated": false,
"digest": {
"function_hash": "149628446648761389928312676876334147818",
"length": 233.0
}
},
{
"source": "https://github.com/envoyproxy/envoy/commit/afc39bea36fd436e54262f150c009e8d72db5014",
"id": "CVE-2019-15226-f3ea275d",
"signature_type": "Function",
"signature_version": "v1",
"target": {
"file": "test/common/http/header_map_impl_test.cc",
"function": "TEST"
},
"deprecated": false,
"digest": {
"function_hash": "241031981916072836940773222593774736612",
"length": 2073.0
}
}
]