CNNVD-202510-2282 Information

CNNVD ID

CNNVD-202510-2282

Related CVE

CVE-2025-62504

• CNNVD Published: 2025-10-16

Description (Chinese)

Envoy是Enphase开源的一款用于连接智能家居设备的网关程序。 Envoy 1.36.2之前版本、1.35.6之前版本、1.34.10之前版本和1.33.12之前版本存在资源管理错误漏洞，该漏洞源于Lua过滤器存在释放后重用，可能导致拒绝服务。

Description (English)

Envoy is an enphase open source gateway to connect smart home devices. Before Envoy 1.36.2, before 1.35.6, before 1.34.10 and before 1.33.12, there was a resource management error gap, which stemmed from the release and reuse of the Lua filter, which could lead to the denial of services.

Hazard Level

High

Vulnerability Type

资源管理错误

Affected Vendor

Enphase

Published

2025-10-16

Last Modified

2026-02-24

References

https://github.com/envoyproxy/envoy/security/advisories/GHSA-gcxr-6vrp-wff3

Patch

https://github.com/envoyproxy/envoy/releases