{}

{}

{}

{"bugzilla": {"description": "envoy: envoy: HTTP/2 Remote Denial of Service via HPACK compression bomb and Slowloris-style attack", "id": "2487465", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2487465"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.5", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-409", "details": ["No description is available for this CVE."], "mitigation": {"lang": "en:us", "value": "Disable HTTP/2 support on Envoy listeners where it is not strictly required, or deploy behind a CDN/reverse proxy that can absorb or rate-limit such attacks. Limiting the maximum number of concurrent streams and header list size via Envoy configuration can also reduce the attack surface."}, "name": "CVE-2026-47774", "package_state": [{"cpe": "cpe:/a:redhat:service_mesh:2", "fix_state": "Affected", "package_name": "openshift-service-mesh/proxyv2-rhel9", "product_name": "OpenShift Service Mesh 2"}, {"cpe": "cpe:/a:redhat:service_mesh:3", "fix_state": "Affected", "package_name": "openshift-service-mesh/istio-proxyv2-rhel9", "product_name": "OpenShift Service Mesh 3"}], "public_date": "2026-06-04T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-47774\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-47774"], "threat_severity": "Important"}