Envoy before 1.16.1 mishandles dropped and truncated datagrams, as demonstrated by a segmentation fault for a UDP packet size larger than 1500.
{ "vanir_signatures": [ { "digest": { "threshold": 0.9, "line_hashes": [ "131204029759339862986326872176907194143", "8315711033336415069387641955587933397", "180178330427094755049822304876287727863", "154652574641508373041638957818451707934" ] }, "id": "CVE-2020-35471-373da623", "source": "https://github.com/envoyproxy/envoy/commit/0717f49fef0dac3818cd7cdc52bf18e0ae1f7a2c", "signature_type": "Line", "signature_version": "v1", "target": { "file": "source/server/connection_handler_impl.cc" }, "deprecated": false }, { "digest": { "threshold": 0.9, "line_hashes": [ "304832360493619245575785821857941230522", "58072314304350740758434783398840774936", "253066578701505843595586025947161622852", "143395993664261232895963008373531278921", "90535865904670140656649989927407341081", "30695165069688148553736720927527606474", "273542442853495813808105517980188796478", "44454462798017145680154333844542751925", "98738407283226628477786289393006431257", "112043481163063748425909700695669389018", "156095165858063837556317049279107360653", "260460737136737242659349249103925760821", "324980028845647638019925282319855723158", "287840385617234031781812252431680592404", "215831503921888146377477691678125399780" ] }, "id": "CVE-2020-35471-4471e0c5", "source": "https://github.com/envoyproxy/envoy/commit/0717f49fef0dac3818cd7cdc52bf18e0ae1f7a2c", "signature_type": "Line", "signature_version": "v1", "target": { "file": "test/integration/proxy_proto_integration_test.h" }, "deprecated": false }, { "digest": { "threshold": 0.9, "line_hashes": [ "317158422460062390569541586553340651141", "188545860483965097382454808649672515013", "87136608404409369736246237155290488473", "29667346942229151296377789069746541136", "173345536128078706522041138752856204893", "262294055421710382396638433211288245350", "317163328929627490087814819905050249142" ] }, "id": "CVE-2020-35471-5bd07ec1", "source": "https://github.com/envoyproxy/envoy/commit/0717f49fef0dac3818cd7cdc52bf18e0ae1f7a2c", "signature_type": "Line", "signature_version": "v1", "target": { "file": "test/integration/proxy_proto_integration_test.cc" }, "deprecated": false }, { "digest": { "function_hash": "185610297851602743970956302374790945869", "length": 607.0 }, "id": "CVE-2020-35471-64c1d30b", "source": "https://github.com/envoyproxy/envoy/commit/0717f49fef0dac3818cd7cdc52bf18e0ae1f7a2c", "signature_type": "Function", "signature_version": "v1", "target": { "file": "test/integration/proxy_proto_integration_test.h", "function": "ProxyProtoIntegrationTest" }, "deprecated": false } ] }