46 matches found
GO-2026-4312 Envoy Extension Policy lua scripts injection causes arbitrary command execution in github.com/envoyproxy/gateway
Envoy Extension Policy lua scripts injection causes arbitrary command execution in github.com/envoyproxy/gateway...
CVE-2025-0754 Envoyproxy: openshift service mesh 2.6.3 and 2.5.6 envoy header handling allows log injection and potential spoofing
The vulnerability was found in OpenShift Service Mesh 2.6.3 and 2.5.6. This issue occurs due to improper sanitization of HTTP headers by Envoy, particularly the x-forwarded-for header. This lack of sanitization can allow attackers to inject malicious payloads into service mesh logs, leading to lo...
Fedora: Security Advisory (FEDORA-2023-a1b28cf117)
The remote host is missing an update for the packages covered by the FEDORA-2023-a1b28cf117 advisory...
Denial Of Service (DoS)
github.com/envoyproxy/envoy is vulnerable to Denial of Service (DoS). The vulnerability is due to the async HTTP client buffering the mirror response in an unbounded buffer, which allows attackers to potentially cause an out-of-memory condition by sending huge responses...
CVE-2024-32976
Envoy is a cloud-native, open source edge and service proxy. Envoyproxy with a Brotli filter can get into an endless loop during decompression of Brotli data with extra input...
PT-2024-25023 · Unknown · Envoyproxy
Name of the Vulnerable Software and Affected Versions: Envoyproxy (affected versions not specified). Description: The issue arises when Envoyproxy, equipped with a Brotli filter, encounters an endless loop during the decompression of Brotli data that contains extra input. This can occur in Envoy, a...
Denial Of Service (DoS)
github.com/envoyproxy/envoy is vulnerable to Denial of Service. This vulnerability is due to not resetting a request when header map limits are exceeded, allowing attackers to send a sequence of CONTINUATION frames without the END_HEADERS flag set, leading to unlimited memory consumption and denial...
Denial Of Service (DoS)
github.com/envoyproxy/envoy is vulnerable to Denial of Service (DoS). The vulnerability is due to missing checks to determine whether an address type is supported by the OS. An attacker can send a request using an IPv6 address to a host with IPv6 disabled and a listener config with proxy protocol enabled...
Denial Of Service (DoS)
github.com/envoyproxy/envoy is vulnerable to Denial of Service. The vulnerability is due to specific timeout configurations leading to crashes when hedge_on_per_try_timeout, per_try_idle_timeout, and per_try_timeout are enabled with values within certain intervals...
Authentication Bypass
github.com/envoyproxy/envoy is vulnerable to Authentication Bypass. The vulnerability is caused by downstream clients being able to force invalid gRPC requests to ext_authz, thereby circumventing ext_authz checks when failure_mode_allow is set to true. This leads to external authentication gettin...
Fedora 39 : golang-github-cncf-xds / golang-github-envoyproxy-control-plane / etc (2023-6b89bc0305)
The remote Fedora 39 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2023-6b89bc0305 advisory. Contains updates to address CVE-2022-28357, CVE-2022-41717 and also NATS: 2023-01 nats-server: Adding accounts for just the system account adds auth bypass. Tenable has...
Fedora: Security Advisory for golang-github-envoyproxy-control-plane (FEDORA-2023-6b89bc0305)
The remote host is missing an update for the golang-github-envoyproxy-control-plane package(s) covered by the FEDORA-2023-6b89bc0305 advisory...
[SECURITY] Fedora 39 Update: golang-github-envoyproxy-control-plane-0.11.1-1.fc39
Go implementation of data-plane-api...
Fedora: Security Advisory for golang-github-envoyproxy-control-plane (FEDORA-2023-f122ea1b3e)
The remote host is missing an update for the golang-github-envoyproxy-control-plane package(s) covered by the FEDORA-2023-f122ea1b3e advisory...
Fedora 38 : golang-github-cncf-xds / golang-github-envoyproxy-control-plane / etc (2023-f122ea1b3e)
The remote Fedora 38 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2023-f122ea1b3e advisory. Contains updates to address CVE-2022-28357, CVE-2022-41717. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that...
Authentication Bypass
github.com/envoyproxy/envoy is vulnerable to Authentication Bypass. The library supports mixed-case schemes for HTTP/2; however, internal checks that are case-sensitive may result in rejections or bypasses in unencrypted connections, possibly harming htTp and htTps requests...
Denial Of Service (DoS)
github.com/envoyproxy/envoy is vulnerable to Denial of Service (DoS) attacks. When the library receives RST_STREAM and GOAWAY frames from an upstream server, it might leak header maps and bookkeeping structures. The de-allocation of the accounting structure and compressed header is skipped during th...
Fedora: Security Advisory for golang-github-envoyproxy-protoc-gen-validate (FEDORA-2022-ea8f4e232d)
The remote host is missing an update for the golang-github-envoyproxy-protoc-gen-validate package(s) covered by the FEDORA-2022-ea8f4e232d advisory...
Fedora: Security Advisory for golang-github-envoyproxy-protoc-gen-validate (FEDORA-2022-3969b64d4b)
The remote host is missing an update for the golang-github-envoyproxy-protoc-gen-validate package(s) covered by the FEDORA-2022-3969b64d4b advisory...
Fedora: Security Advisory for golang-github-envoyproxy-protoc-gen-validate (FEDORA-2022-fae3ecee19)
The remote host is missing an update for the golang-github-envoyproxy-protoc-gen-validate package(s) covered by the FEDORA-2022-fae3ecee19 advisory...