No advisories yet.
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
Fri, 03 Jul 2026 00:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Weaknesses | CWE-776 | |
| References |
| |
| Metrics |
threat_severity
|
threat_severity
|
Mon, 29 Jun 2026 14:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Fri, 26 Jun 2026 23:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Envoyproxy
Envoyproxy envoy |
|
| Vendors & Products |
Envoyproxy
Envoyproxy envoy |
Fri, 26 Jun 2026 18:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to 1.35.11, 1.36.7, 1.37.3, and 1.38.1, destructor of JSON Object results in stack overflow when deeply O(100K) nested objects are present. This vulnerability is fixed in 1.35.11, 1.36.7, 1.37.3, and 1.38.1. | |
| Title | Envoy: Stack overflow in destructor of highly nested JSON | |
| Weaknesses | CWE-1124 | |
| References |
| |
| Metrics |
cvssV3_1
|
Projects
Sign in to view the affected projects.
Status: PUBLISHED
Assigner: GitHub_M
Published:
Updated: 2026-06-29T13:27:38.828Z
Reserved: 2026-05-20T18:15:53.578Z
Link: CVE-2026-48042
Updated: 2026-06-29T13:27:30.522Z
No data.
OpenCVE Enrichment
Updated: 2026-07-04T04:30:16Z