2 matches found
BIT-ENVOY-2024-32475 Envoy RELEASE_ASSERT using auto_sni with :authority header > 255 bytes
Envoy is a cloud-native, open source edge and service proxy. When an upstream TLS cluster is used with autosni enabled, a request containing a host/:authority header longer than 255 characters triggers an abnormal termination of Envoy process. Envoy does not gracefully handle an error when settin...
PT-2024-3092 · Envoy +1 · Envoy +1
Name of the Vulnerable Software and Affected Versions: Envoy versions prior to 1.27.5 Envoy versions prior to 1.28.3 Envoy versions prior to 1.29.4 Envoy versions prior to 1.30.1 Description: The issue arises when an upstream TLS cluster is used with auto sni enabled and a request contains a...