CVE-2026-48706
envoyproxy envoy 취약점
- 대응 우선순위
- 점검
- CVSS
- 7.5
- EPSS
- 0.61% 백분위 44.7% · 2026.06.30 기준
- CISA KEV
- 미등록
- 조치 기한
- -
- 공개일
- 2026.06.27
CVSS 위험도가 높아 영향 여부를 우선 점검할 취약점
Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.34.0 until 1.35.13, 1.36.9, 1.37.5, and 1.38.3, a vulnerability exists in Envoy's TCP StatsD sink (TcpStatsdSink), where the thread-local flusher buffer can be overflowed by exceptionally long statistic names (e.g., >16KiB). During formatting, TcpStatsdSink reserves a single contiguous memory slice of 16KiB (FLUSH_SLICE_SIZE_BYTES). If formatting a single metric exceeds the remaining capacity, the flusher initiates a buffer rotation but incorrectly continues to allocate another fixed 16KiB slice. I...
공급사 envoyproxy
제품 envoy
영향 버전 >= 1.38.0, < 1.38.3, >= 1.37.0, < 1.37.5, >= 1.36.0, < 1.36.9, >= 1.34.0, < 1.35.13, >= 1.34.0 < 1.35.13, >= 1.36.0 < 1.36.9, >= 1.37.0 < 1.37.5, >= 1.38.0 < 1.38.3
수정 버전 1.35.13, 1.36.9, 1.37.5, 1.38.3
CVSS 벡터 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE CWE-120
EPSS 데이터 기준일 2026.06.30