Envoy 安全漏洞

🗓️ 09 Jun 2022 00:00:00Reported by China National Vulnerability Database of Information SecurityType

cnnvd

cnnvd🔗 www.cnnvd.org.cn👁 1 Views

Envoy vulnerability before 1.22.1 can drain memory via decompressor buffer, causing denial of service.

Reporter	Title	Published	Views	Family All 61
BDU FSTEC	The vulnerability of the decode/encodeBody component in the Envoy proxy server allows a attacker to induce a service failure.	6 Jul 202200:00	–	bdu_fstec
Circl	CVE-2022-29225	10 Jun 202200:33	–	circl
CNVD	Envoy has an unspecified vulnerability (CNVD-2022-82665)	10 Jun 202200:00	–	cnvd
CVE	CVE-2022-29225	9 Jun 202219:15	–	cve
Cvelist	CVE-2022-29225 Zip bomb vulnerability in Envoy	9 Jun 202219:15	–	cvelist
Oracle linux	kubernetes security update	29 Nov 202200:00	–	oraclelinux
Oracle linux	kubernetes security update	29 Nov 202200:00	–	oraclelinux
Oracle linux	kubernetes security update	29 Nov 202200:00	–	oraclelinux
Oracle linux	kubernetes security update	29 Nov 202200:00	–	oraclelinux
Oracle linux	olcne security update	11 Jul 202200:00	–	oraclelinux

Source	Link
github	www.github.com/envoyproxy/envoy/commit/cb4ef0b09200c720dfdb07e097092dd105450343
github	www.github.com/envoyproxy/envoy/security/advisories/GHSA-75hv-2jjj-89hh
cybersecurity-help	www.cybersecurity-help.cz/vdb/SB2022070541
auscert	www.auscert.org.au/bulletins/ESB-2022.2900
access	www.access.redhat.com/security/cve/cve-2022-29225
cxsecurity	www.cxsecurity.com/cveshow/CVE-2022-29225/
cybersecurity-help	www.cybersecurity-help.cz/vdb/SB2022061010
packetstormsecurity	www.packetstormsecurity.com/files/167850/Red-Hat-Security-Advisory-2022-5004-01.html
packetstormsecurity	www.packetstormsecurity.com/files/167489/Red-Hat-Security-Advisory-2022-5003-01.html
auscert	www.auscert.org.au/bulletins/ESB-2022.3685

23 May 2026 00:00Current

5.9Medium risk

Vulners AI Score5.9

CVSS 25

CVSS 3.17.5

EPSS0.0143

SSVC

Envoy vulnerability versions before 1.22.1 memory exhaustion decompressor buffer