4 matches found
NULL Pointer Dereference
Overview Affected versions of this package are vulnerable to NULL Pointer Dereference in the flow control management process while overriding onAboveWriteBufferHighWatermark and onBelowWriteBufferLowWatermark callbacks. An attacker can cause a crash of the TCP connection pool by sending large...
CVE-2025-62409
CVE-2025-62409 affects Envoy, where large requests/responses can trigger TCP connection pool crashes due to flow-control handling when the connection is closing but upstream data still arrives, causing a buffer watermark callback nullptr reference. Affected products include the Envoy core with TC...
CVE-2025-62409 Envoy allows large requests and responses to cause TCP connection pool crash
Envoy is a cloud-native, open source edge and service proxy. Prior to 1.36.1, 1.35.5, 1.34.9, and 1.33.10, large requests and responses can potentially trigger TCP connection pool crashes due to flow control management in Envoy. It will happen when the connection is closing but upstream data is...
CVE-2025-62409 Envoy allows large requests and responses to cause TCP connection pool crash
Envoy is a cloud-native, open source edge and service proxy. Prior to 1.36.1, 1.35.5, 1.34.9, and 1.33.10, large requests and responses can potentially trigger TCP connection pool crashes due to flow control management in Envoy. It will happen when the connection is closing but upstream data is...