CNNVD-202510-2311 Information

CNNVD ID

CNNVD-202510-2311

Related CVE

CVE-2025-62409

• CNNVD Published: 2025-10-16

Description (Chinese)

Envoy是Enphase开源的一款用于连接智能家居设备的网关程序。 Envoy 1.36.1之前版本、1.35.5之前版本、1.34.9之前版本和1.33.10之前版本存在安全漏洞，该漏洞源于流控制管理不当，可能导致TCP连接池崩溃。

Description (English)

Envoy is an enphase open source gateway to connect smart home devices. There is a security loophole in the pre-Envoy 1.361, pre-A.3.5, pre-A.3.4.9 and pre-A.3.3.10, which stems from inadequate flow control management and could lead to the collapse of the TCP connective pool.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

Enphase

Published

2025-10-16

Last Modified

2026-02-24

References

https://github.com/envoyproxy/envoy/security/advisories/GHSA-pq33-4jxh-hgm3

Patch

https://github.com/envoyproxy/envoy/releases