CVE-2020-12604 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2020-12604 Interim 1 17 2025-02-17T01:29:27Z current 2021-05-30T14:40:05Z 2025-02-17T01:29:27Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2020-12604 Envoy version 1.14.2, 1.13.2, 1.12.4 or earlier is susceptible to increased memory usage in the case where an HTTP/2 client requests a large payload but does not send enough window updates to consume the entire stream and does not reset the stream. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.suse.com/pipermail/sle-security-updates/2020-October/007599.html E-Mail link for SUSE-CU-2020:555-1 https://lists.suse.com/pipermail/sle-security-updates/2020-October/007600.html E-Mail link for SUSE-CU-2020:556-1 https://lists.suse.com/pipermail/sle-security-updates/2021-February/008285.html E-Mail link for SUSE-CU-2021:50-1 https://lists.suse.com/pipermail/sle-security-updates/2021-February/008286.html E-Mail link for SUSE-CU-2021:51-1 https://lists.suse.com/pipermail/sle-updates/2020-October/016494.html E-Mail link for SUSE-RU-2020:2960-1 https://lists.suse.com/pipermail/sle-security-updates/2021-February/008279.html E-Mail link for SUSE-SU-2021:0335-1 https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/WUFXLLYPEPLGLE3CNOENBUDET76YJXPI/ E-Mail link for openSUSE-SU-2022:0065-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE CaaS Platform 4.5 SUSE Package Hub 15 SP3 openSUSE Leap 15.3 caasp-release-4.5.3-1.13.1 envoy-proxy-1.14.6-bp153.3.4.1 envoy-proxy-source-1.14.6-bp153.3.4.1 helm3-3.3.3-3.5.2 skuba-2.1.13-3.15.7.2 skuba-update-2.1.13-3.15.7.2 caasp-release-4.5.3-1.13.1 as a component of SUSE CaaS Platform 4.5 helm3-3.3.3-3.5.2 as a component of SUSE CaaS Platform 4.5 skuba-2.1.13-3.15.7.2 as a component of SUSE CaaS Platform 4.5 skuba-update-2.1.13-3.15.7.2 as a component of SUSE CaaS Platform 4.5 envoy-proxy-1.14.6-bp153.3.4.1 as a component of SUSE Package Hub 15 SP3 envoy-proxy-source-1.14.6-bp153.3.4.1 as a component of SUSE Package Hub 15 SP3 envoy-proxy-1.14.6-bp153.3.4.1 as a component of openSUSE Leap 15.3 envoy-proxy-source-1.14.6-bp153.3.4.1 as a component of openSUSE Leap 15.3 Envoy version 1.14.2, 1.13.2, 1.12.4 or earlier is susceptible to increased memory usage in the case where an HTTP/2 client requests a large payload but does not send enough window updates to consume the entire stream and does not reset the stream. CVE-2020-12604 SUSE CaaS Platform 4.5:caasp-release-4.5.3-1.13.1 SUSE CaaS Platform 4.5:helm3-3.3.3-3.5.2 SUSE CaaS Platform 4.5:skuba-2.1.13-3.15.7.2 SUSE CaaS Platform 4.5:skuba-update-2.1.13-3.15.7.2 SUSE Package Hub 15 SP3:envoy-proxy-1.14.6-bp153.3.4.1 SUSE Package Hub 15 SP3:envoy-proxy-source-1.14.6-bp153.3.4.1 openSUSE Leap 15.3:envoy-proxy-1.14.6-bp153.3.4.1 openSUSE Leap 15.3:envoy-proxy-source-1.14.6-bp153.3.4.1 important 5 AV:N/AC:L/Au:N/C:N/I:N/A:P 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H